CVE-2025-6216 | Allegra calculateTokenExpDate Password Recovery Authenticati… | CVSS 9.8 CRITICAL

Description

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.

Metadata

CVE ID: CVE-2025-6216
State: PUBLISHED
Assigner: zdi
Reserved: 2025-06-17 21:48 UTC
Published: 2025-06-21 00:08 UTC
Last updated: 2025-06-23 16:14 UTC
Primary CWE: CWE-640
CWE-640: Weak Password Recovery Mechanism for Forgotten Pass…
Vendor / Product: Allegra / Allegra
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Allegra	Allegra	—	8.1.3.32

Weakness (CWE)

CWE	Source	Description
CWE-640	cna	CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ZDI-25-410 https://www.zerodayinitiative.com/advisories/ZDI-25-410/
vendor-provided URL https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2