CVE-2025-0674
CVE-2025-0674
Título es
CVE-2025-0674
Vie, 07/02/2025 – 00:15
Tipo
CWE-288
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-0674
Descripción en
Multiple Elber products are affected by an authentication bypass
vulnerability which allows unauthorized access to the password
management functionality. Attackers can exploit this issue by
manipulating the endpoint to overwrite any user's password within the
system. This grants them unauthorized administrative access to protected
areas of the application, compromising the device's system security.
vulnerability which allows unauthorized access to the password
management functionality. Attackers can exploit this issue by
manipulating the endpoint to overwrite any user's password within the
system. This grants them unauthorized administrative access to protected
areas of the application, compromising the device's system security.
07/02/2025
07/02/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Gravedad 4.0
9.30
Gravedad 4.0 txt
CRITICAL
Gravedad 3.1 (CVSS 3.1 Base Score)
9.80
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL
Enviar en el boletín
Off
