CWE-620
AllowedUnverified Password Change
Abstraction: Base · Status: Draft
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
157 vulnerabilities reference this CWE, most recent first.
CVE-2025-14751 (GCVE-0-2025-14751)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:42 – Updated: 2026-01-26 21:02- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Weintek | cMT3072XH |
Affected:
20200630 , < 20241112
(custom)
|
|
| Weintek | cMT3072XH(T) |
Affected:
20200630 , < 20241112
(custom)
|
|
| Weintek | cMT-SVRX-820 |
Affected:
20220413 , < 20240919
(custom)
|
|
| Weintek | cMT-CTRL01 |
Affected:
20230308 , < 20250827
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T21:01:59.502514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:02:09.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cMT3072XH",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20241112",
"status": "affected",
"version": "20200630",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3072XH(T)",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20241112",
"status": "affected",
"version": "20200630",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-SVRX-820",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20240919",
"status": "affected",
"version": "20220413",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-CTRL01",
"vendor": "Weintek",
"versions": [
{
"lessThan": "20250827",
"status": "affected",
"version": "20230308",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation.\u003cbr\u003e"
}
],
"value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:42:50.871Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice: https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-14751",
"datePublished": "2026-01-22T21:42:50.871Z",
"dateReserved": "2025-12-15T20:40:05.015Z",
"dateUpdated": "2026-01-26T21:02:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13148 (GCVE-0-2025-13148)
Vulnerability from cvelistv5 – Published: 2025-12-11 19:48 – Updated: 2025-12-11 20:34- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7254434 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera Orchestrator |
Affected:
4.0.0 , ≤ 4.1.0
(semver)
cpe:2.3:a:ibm:aspera_orchestrator:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_orchestrator:4.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T20:28:26.053165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T20:34:48.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_orchestrator:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_orchestrator:4.1.0:*:*:*:*:*:*:*"
],
"product": "Aspera Orchestrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.\u003c/p\u003e"
}
],
"value": "IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:48:18.992Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7254434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading: Product Version Platform Link to Fix IBM Aspera Orchestrator 4.1.1 Linux click here\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading: Product Version Platform Link to Fix IBM Aspera Orchestrator 4.1.1 Linux click here"
}
],
"title": "IBM Aspera Orchestrator Unverified Password Change",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13148",
"datePublished": "2025-12-11T19:48:18.992Z",
"dateReserved": "2025-11-13T20:10:16.726Z",
"dateUpdated": "2025-12-11T20:34:48.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11235 (GCVE-0-2025-11235)
Vulnerability from cvelistv5 – Published: 2026-01-06 22:16 – Updated: 2026-01-07 16:25- CWE-620 - Unverified Password Change
| Vendor | Product | Version | |
|---|---|---|---|
| Progress | MOVEit Transfer |
Affected:
2023.1.0 , < 2023.1.3
(semver)
Affected: 2023.0.0 , < 2023.0.8 (semver) Affected: 2022.1.0 , < 2022.1.11 (semver) Affected: 2022.0.0 , < 2022.0.10 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:24:49.767769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:25:41.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"REST API"
],
"platforms": [
"Windows"
],
"product": "MOVEit Transfer",
"vendor": "Progress",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
},
{
"lessThan": "2023.0.8",
"status": "affected",
"version": "2023.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.11",
"status": "affected",
"version": "2022.1.0",
"versionType": "semver"
},
{
"lessThan": "2022.0.10",
"status": "affected",
"version": "2022.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aden Yap Chuen Zhen, BAE SYSTEM Digital Intelligence"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).\u003cp\u003eThis issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10.\u003c/p\u003e"
}
],
"value": "Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T22:16:48.036Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.progress.com/bundle/moveit-transfer-release-notes-2023_1/page/Fixed-Issues-in-2023.1.3.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MOVEit Transfer REST API does not require current password in order to initiate the password change process",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-11235",
"datePublished": "2026-01-06T22:16:48.036Z",
"dateReserved": "2025-10-01T19:09:58.385Z",
"dateUpdated": "2026-01-07T16:25:41.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10159 (GCVE-0-2025-10159)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:58 – Updated: 2025-09-10 16:10- CWE-620 - Unverified Password Change
| Vendor | Product | Version | |
|---|---|---|---|
| Sophos | AP6 Series Wireless Access Points |
Affected:
0 , < 1.7.2563 (MR7)
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T13:41:20.476524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:10:07.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AP6 Series Wireless Access Points",
"vendor": "Sophos",
"versions": [
{
"lessThan": "1.7.2563 (MR7)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).\u003c/p\u003e"
}
],
"value": "An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7)."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T21:02:39.875Z",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2025-10159",
"datePublished": "2025-09-09T20:58:26.650Z",
"dateReserved": "2025-09-09T12:39:01.231Z",
"dateUpdated": "2025-09-10T16:10:07.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9286 (GCVE-0-2025-9286)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:17 – Updated: 2026-04-08 16:46- CWE-620 - Unverified Password Change
| Vendor | Product | Version | |
|---|---|---|---|
| hancock11 | Appy Pie Connect for WooCommerce |
Affected:
0 , ≤ 1.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T18:02:51.622311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T18:03:05.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appy Pie Connect for WooCommerce",
"vendor": "hancock11",
"versions": [
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JohSka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:46:14.529Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36fb5b8d-1ea4-45c2-8639-b229efdb57db?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/appy-pie-connect-for-woocommerce/trunk/connect-woocommerce-rest-api.php"
},
{
"url": "https://wordpress.org/plugins/appy-pie-connect-for-woocommerce/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3385150/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T22:31:47.000Z",
"value": "Disclosed"
}
],
"title": "Appy Pie Connect for WooCommerce \u003c= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9286",
"datePublished": "2025-10-03T11:17:10.009Z",
"dateReserved": "2025-08-20T21:29:49.417Z",
"dateUpdated": "2026-04-08T16:46:14.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6097 (GCVE-0-2025-6097)
Vulnerability from cvelistv5 – Published: 2025-06-16 00:00 – Updated: 2025-06-16 16:22| URL | Tags |
|---|---|
| https://vuldb.com/?id.312566 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.312566 | signaturepermissions-required |
| https://vuldb.com/?submit.589425 | third-party-advisory |
| https://github.com/pfwqdxwdd/cve/blob/main/6.md | related |
| https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:22:40.258870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:22:55.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Administrator Password Handler"
],
"product": "\u8fdb\u53d6 750W",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pfwqdxwdd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT \u8fdb\u53d6 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in UTT \u8fdb\u53d6 750W bis 5.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formDefineManagement der Datei /goform/setSysAdm der Komponente Administrator Password Handler. Dank Manipulation des Arguments passwd1 mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T00:00:12.840Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-312566 | UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.312566"
},
{
"name": "VDB-312566 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.312566"
},
{
"name": "Submit #589425 | UTT \u8fdb\u53d6750w \u003c=V5.0 Unverified Password Change",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.589425"
},
{
"tags": [
"related"
],
"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-15T09:01:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6097",
"datePublished": "2025-06-16T00:00:12.840Z",
"dateReserved": "2025-06-15T06:56:23.268Z",
"dateUpdated": "2025-06-16T16:22:55.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5482 (GCVE-0-2025-5482)
Vulnerability from cvelistv5 – Published: 2025-06-04 07:21 – Updated: 2026-04-08 16:52- CWE-620 - Unverified Password Change
| Vendor | Product | Version | |
|---|---|---|---|
| sunshinephotocart | Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers |
Affected:
0 , ≤ 3.4.11
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:44:24.662897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:44:39.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sunshine Photo Cart \u2013 Client Photo Gallery \u0026 Photo Proofing for Photographers",
"vendor": "sunshinephotocart",
"versions": [
{
"lessThanOrEqual": "3.4.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brian Sans-Souci"
},
{
"lang": "en",
"type": "finder",
"value": "Audrey Fran\u00e7ois"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s passwords through the password reset functionality, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:52:57.489Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/trunk/includes/functions/account.php#L303"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3305406%40sunshine-photo-cart%2Ftrunk\u0026old=3261773%40sunshine-photo-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-03T19:10:16.000Z",
"value": "Disclosed"
}
],
"title": "Sunshine Photo Cart \u003c= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5482",
"datePublished": "2025-06-04T07:21:45.490Z",
"dateReserved": "2025-06-02T19:40:42.633Z",
"dateUpdated": "2026-04-08T16:52:57.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4903 (GCVE-0-2025-4903)
Vulnerability from cvelistv5 – Published: 2025-05-19 00:31 – Updated: 2025-05-19 15:21| URL | Tags |
|---|---|
| https://vuldb.com/?id.309459 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.309459 | signaturepermissions-required |
| https://vuldb.com/?submit.578051 | third-party-advisory |
| https://github.com/at0de/my_vulns/blob/main/Dlink… | exploit |
| https://www.dlink.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DI-7003GV2 |
Affected:
24.04.18D1 R(68125)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:51:21.159992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:21:59.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7003GV2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "24.04.18D1 R(68125)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "153528990 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DI-7003GV2 24.04.18D1 R(68125) gefunden. Betroffen hiervon ist die Funktion sub_41F4F0 der Datei /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. Durch das Manipulieren mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T00:31:04.582Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309459 | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309459"
},
{
"name": "VDB-309459 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309459"
},
{
"name": "Submit #578051 | D-Link DI-7003GV2 24.04.18D1 R(68125) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.578051"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/webgl_asp.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-17T15:11:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4903",
"datePublished": "2025-05-19T00:31:04.582Z",
"dateReserved": "2025-05-17T13:06:16.188Z",
"dateUpdated": "2025-05-19T15:21:59.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4606 (GCVE-0-2025-4606)
Vulnerability from cvelistv5 – Published: 2025-07-09 03:22 – Updated: 2026-04-08 17:14- CWE-620 - Unverified Password Change
| Vendor | Product | Version | |
|---|---|---|---|
| uxper | Sala - Startup & SaaS WordPress Theme |
Affected:
0 , ≤ 1.1.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T14:29:03.169024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T14:29:40.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sala - Startup \u0026 SaaS WordPress Theme",
"vendor": "uxper",
"versions": [
{
"lessThanOrEqual": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Th\u00e1i An"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Sala - Startup \u0026 SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user\u0027s identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:20.075Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve"
},
{
"url": "https://themeforest.net/item/sala-startup-saas-wordpress-theme/33843955?s_rank=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Sala - Startup \u0026 SaaS WordPress Theme \u003c= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4606",
"datePublished": "2025-07-09T03:22:04.150Z",
"dateReserved": "2025-05-12T18:39:36.171Z",
"dateUpdated": "2026-04-08T17:14:20.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4558 (GCVE-0-2025-4558)
Vulnerability from cvelistv5 – Published: 2025-05-12 03:08 – Updated: 2025-05-12 17:40- CWE-620 - Unverified Password Change
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| WormHole Tech | GPM |
Affected:
0 , < 202502
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T17:36:18.250082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T17:40:03.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPM",
"vendor": "WormHole Tech",
"versions": [
{
"lessThan": "202502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-12T03:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user\u0027s password and use the modified password to log into the system."
}
],
"value": "The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user\u0027s password and use the modified password to log into the system."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T03:15:58.398Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; Update to version 202502 or later\u003cbr\u003e"
}
],
"value": "Update to version 202502 or later"
}
],
"source": {
"advisory": "TVN-202505010",
"discovery": "EXTERNAL"
},
"title": "WormHole Tech GPM - Unverified Password Change",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2025-4558",
"datePublished": "2025-05-12T03:08:50.733Z",
"dateReserved": "2025-05-12T01:49:30.350Z",
"dateUpdated": "2025-05-12T17:40:03.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
When prompting for a password change, force the user to provide the original password in addition to the new password.
Mitigation
Do not use "forgotten password" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.