5.4
Ignition Software: Unauthenticated Password Recovery Email Exposure
CVE-2025-13913
Summary
Ignition software has an exposed API endpoint that requires no authentication and could allow anyone to change the password recovery email address for any account. Attackers could exploit this to gain unauthorized access to user accounts. IT administrators should review and secure the exposed API endpoint to prevent this issue.
Original title
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.
Original description
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.
NVD CVSS 3.1
6.3
NVD CVSS 4.0
5.4
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026