CVE-2026-25043 in Budibaseinfo

Zusammenfassung (Englisch)

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can repeatedly trigger password reset requests for the same email address, resulting in hundreds of password reset emails being sent in a short time window. This enables large-scale email flooding, user harassment, denial of service (DoS) against user inboxes, and potential financial and reputational impact for Budibase. This issue has been patched in version 3.23.25.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

GitHub_M

Reservieren

28.01.2026

Veröffentlichung

03.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
355178	Budibase Forgot Password Denial of Service	770	Nicht definiert	Offizieller Fix	CVE-2026-25043

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!