CVE-2019-25338

MEDIUM EPSS 32.6%

Published Feb 12, 20264mo ago · Modified Jun 17, 20261w ago

6.9 CVSS 4.0

Medium

Published Feb 12, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

CVSS Details

Base Score

6.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

32.6% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-204

Affected Products 1

Vendor	Product	Version	Range
dokuwiki	dokuwiki	2018-04-22b	any

References 4

download.dokuwiki.org https://download.dokuwiki.org/

Product
dokuwiki.org https://www.dokuwiki.org/dokuwiki

Product
exploit-db.com https://www.exploit-db.com/exploits/47731

ExploitVDB Entry
vulncheck.com https://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration

Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.