CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
CVE-2025-31380 (GCVE-0-2025-31380)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:47 – Updated: 2026-04-28 16:12
Title
WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability
Summary
Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.11.
Severity
9.8 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| videowhisper | Paid Videochat Turnkey Site | Affected: 0, ≤ 7.3.11 (custom) |
Date Public
2026-04-01 16:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:42:28.566247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:23:30.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ppv-live-webcams",
"product": "Paid Videochat Turnkey Site",
"vendor": "videowhisper",
"versions": [
{
"changes": [
{
"at": "7.3.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:36:54.380Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.\u003cp\u003eThis issue affects Paid Videochat Turnkey Site: from n/a through \u003c= 7.3.11.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.This issue affects Paid Videochat Turnkey Site: from n/a through \u003c= 7.3.11."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:05.517Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ppv-live-webcams/vulnerability/wordpress-paid-videochat-turnkey-site-7-3-5-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress Paid Videochat Turnkey Site plugin \u003c= 7.3.11 - Broken Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31380",
"datePublished": "2025-04-17T15:47:50.544Z",
"dateReserved": "2025-03-28T10:59:17.383Z",
"dateUpdated": "2026-04-28T16:12:05.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32486 (GCVE-0-2025-32486)
Vulnerability from cvelistv5 – Published: 2025-09-09 16:25 – Updated: 2026-04-28 16:12
Title
WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability
Summary
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard. This issue affects Material Dashboard: from n/a through <= 1.4.6.
Severity
9.8 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Hossein | Material Dashboard | Affected: 0, ≤ 1.4.6 (custom) |
Date Public
2026-04-01 16:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T17:49:26.251451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:40:58.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "material-dashboard",
"product": "Material Dashboard",
"vendor": "Hossein",
"versions": [
{
"changes": [
{
"at": "1.4.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:38:34.670Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.\u003cp\u003eThis issue affects Material Dashboard: from n/a through \u003c= 1.4.6.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through \u003c= 1.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:22.677Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-6-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress Material Dashboard plugin \u003c= 1.4.6 - Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32486",
"datePublished": "2025-09-09T16:25:32.379Z",
"dateReserved": "2025-04-09T11:19:01.929Z",
"dateUpdated": "2026-04-28T16:12:22.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36579 (GCVE-0-2025-36579)
Vulnerability from cvelistv5 – Published: 2026-04-16 16:05 – Updated: 2026-05-27 16:34
Summary
Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.
Severity
5.1 (Medium)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00030045… | vendor-advisory |
Impacted products
120 products
| Vendor | Product | Version |
|---|---|---|
| Dell | Dell Pro 14 Essential PV14250 | Affected: 0, < 1.4.0 (semver) |
| Dell | Dell Pro Micro / QCM1255 | Affected: 0, < 1.9.1 (semver) |
| Dell | Dell Pro Slim / QCS1255 | Affected: 0, < 1.9.1 (semver) |
| Dell | Dell Pro Tower / QCT1255 | Affected: 0, < 1.9.1 (semver) |
| Dell | Alienware 16 Area-51 AA16250 | Affected: 0, < 1.9.0 (semver) |
| Dell | Alienware 16X Aurora AC16251 | Affected: 0, < 1.8.1 (semver) |
| Dell | Alienware 18 Area-51 AA18250 | Affected: 0, < 1.9.0 (semver) |
| Dell | Alienware Area-51 AAT225 | Affected: 0, < 1.11.0 (semver) |
| Dell | Alienware Aurora ACT1250 | Affected: 0, < 1.10.0 (semver) |
| Dell | Alienware m15 R6 | Affected: 0, < 1.42.0 (semver) |
| Dell | Alienware m15 R7 | Affected: 0, < 1.37.0 (semver) |
| Dell | Alienware m16 R1 | Affected: 0, < 1.32.0 (semver) |
| Dell | Alienware m16 R2 | Affected: 0, < 1.18.0 (semver) |
| Dell | Alienware m18 R1 | Affected: 0, < 1.32.0 (semver) |
| Dell | Alienware M18 R2 | Affected: 0, < 1.20.0 (semver) |
| Dell | Alienware x14 R2 | Affected: 0, < 1.30.1 (semver) |
| Dell | Alienware x16 R1 | Affected: 0, < 1.30.1 (semver) |
| Dell | Alienware X16 R2 | Affected: 0, < 1.18.1 (semver) |
| Dell | ChengMing 3900 | Affected: 0, < 1.37.0 (semver) |
| Dell | ChengMing 3910/3911 | Affected: 0, < 1.32.0 (semver) |
| Dell | ChengMing 3990 | Affected: 0, < 1.35.1 (semver) |
| Dell | ChengMing 3991 | Affected: 0, < 1.35.1 (semver) |
| Dell | Dell 14 DC14250 | Affected: 0, < 1.4.0 (semver) |
| Dell | Dell 14 Premium DA14250 | Affected: 0, < 1.5.1 (semver) |
| Dell | Dell 15 DC15250 | Affected: 0, < 1.6.0 (semver) |
| Dell | Dell 16 DC16250 | Affected: 0, < 1.7.0 (semver) |
| Dell | Dell 16 DC16251 | Affected: 0, < 1.7.0 (semver) |
| Dell | Dell 16 Premium DA16250 | Affected: 0, < 1.7.0 (semver) |
| Dell | Dell G15 5510 | Affected: 0, < 1.38.0 (semver) |
| Dell | Dell G15 5511 | Affected: 0, < 1.41.0 (semver) |
| Dell | Dell G15 5520 | Affected: 0, < 1.38.0 (semver) |
| Dell | Dell G15 5530 | Affected: 0, < 1.30.0 (semver) |
| Dell | Dell G16 7620 | Affected: 0, < 1.38.0 (semver) |
| Dell | Dell G16 7630 | Affected: 0, < 1.30.0 (semver) |
| Dell | Dell G5 5000 | Affected: 0, < 1.28.2 (semver) |
| Dell | Dell Pro 13 Plus PB13250 | Affected: 0, < 2.8.1 (semver) |
| Dell | Dell Pro 13 Plus PB13255 | Affected: 0, < 1.9.1 (semver) |
| Dell | Dell Pro 13 Premium PA13250 | Affected: 0, < 2.8.1 (semver) |
| Dell | Dell Pro 14 PC14250 | Affected: 0, < 1.10.2 (semver) |
| Dell | Dell Pro 14 Plus PB14250 | Affected: 0, < 2.8.1 (semver) |
| Dell | Dell Pro 14 Plus PB14255 | Affected: 0, < 1.9.1 (semver) |
| Dell | Dell Pro 14 Premium PA14250 | Affected: 0, < 2.8.1 (semver) |
| Dell | Dell Pro 15 Essential PV15250 | Affected: 0, < 1.2.0 (semver) |
| Dell | Dell Pro 16 PC16250 | Affected: 0, < 1.10.2 (semver) |
| Dell | Dell Pro 16 Plus PB16250 | Affected: 0, < 2.8.1 (semver) |
| Dell | Dell Pro 16 Plus PB16255 | Affected: 0, < 1.9.1 (custom) |
| Dell | Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-One | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Laptop PC14250 | Affected: 0, < 1.10.2 (semver) |
| Dell | Dell Pro Laptop PC16250 | Affected: 0, < 1.10.2 (semver) |
| Dell | Dell Pro Max 14 MC14250 | Affected: 0, < 1.9.0 (semver) |
| Dell | Dell Pro Max 14 MC14255 | Affected: 0, < 1.6.2 (semver) |
| Dell | Dell Pro Max 16 MC16250 | Affected: 0, < 1.9.0 (semver) |
| Dell | Dell Pro Max 16 MC16255 | Affected: 0, < 1.6.2 (semver) |
| Dell | Dell Pro Max Micro FCM2250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Max Slim FCS1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Max Tower T2 FCT2250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Micro/Micro Plus QCM1250/QBM1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Rugged 13 RA13250 | Affected: 0, < 1.12.1 (semver) |
| Dell | Dell Pro Rugged 14 RB14250 | Affected: 0, < 1.12.1 (semver) |
| Dell | Dell Pro Slim Essential QVS1260 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Tower Essential QVT1260 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Slim ECS1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Tower ECT1250 | Affected: 0, < 1.10.1 (semver) |
| Dell | Dell Tower Plus EBT2250 | Affected: 0, < 1.11.0 (semver) |
| Dell | Inspiron 13 5320 | Affected: 0, < 1.30.0 (semver) |
| Dell | Inspiron 13 5330 | Affected: 0, < 1.28.0 (semver) |
| Dell | Inspiron 14 5420 | Affected: 0, < 1.33.0 (semver) |
| Dell | Inspiron 14 5430 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 14 5440 | Affected: 0, < 1.19.0 (semver) |
| Dell | Inspiron 14 7420 2-in-1 | Affected: 0, < 1.31.0 (semver) |
| Dell | Inspiron 14 7430 2-in-1 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 14 7440 2-in-1 | Affected: 0, < 1.19.0 (semver) |
| Dell | Inspiron 14 Plus 7420 | Affected: 0, < 1.34.0 (semver) |
| Dell | Inspiron 14 Plus 7430 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 14 Plus 7440 | Affected: 0, < 1.22.0 (semver) |
| Dell | Inspiron 15 3511 | Affected: 0, < 1.43.0 (semver) |
| Dell | Inspiron 15 3520 | Affected: 0, < 1.39.0 (semver) |
| Dell | Inspiron 16 5620 | Affected: 0, < 1.33.0 (semver) |
| Dell | Inspiron 16 5630 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 16 5640 | Affected: 0, < 1.18.0 (semver) |
| Dell | Inspiron 16 7610 | Affected: 0, < 1.36.0 (semver) |
| Dell | Inspiron 16 7620 2-in-1 | Affected: 0, < 1.31.0 (semver) |
| Dell | Inspiron 16 7630 2-in-1 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 16 7640 2-in-1 | Affected: 0, < 1.18.0 (semver) |
| Dell | Inspiron 16 Plus 7620 | Affected: 0, < 1.34.0 (semver) |
| Dell | Inspiron 16 Plus 7630 | Affected: 0, < 1.26.0 (semver) |
| Dell | Inspiron 16 Plus 7640 | Affected: 0, < 1.22.0 (semver) |
| Dell | Inspiron 24 5420 All-in-One | Affected: 0, < 1.25.0 (semver) |
| Dell | Inspiron 24 5430 All-in-One | Affected: 0, < 1.18.0 (semver) |
| Dell | Inspiron 27 7720 All-in-One | Affected: 0, < 1.25.0 (semver) |
| Dell | Inspiron 27 7730 All-in-One | Affected: 0, < 1.18.0 (semver) |
| Dell | Inspiron 3020 Desktop | Affected: 0, < 1.32.0 (semver) |
| Dell | Inspiron 3020 Small Desktop | Affected: 0, < 1.32.0 (semver) |
| Dell | Inspiron 3030 | Affected: 0, < 1.22.1 (semver) |
| Dell | Inspiron 3030S | Affected: 0, < 1.22.1 (semver) |
| Dell | Inspiron 3910 | Affected: 0, < 1.37.0 (semver) |
| Dell | Inspiron 5400/5401 | Affected: 0, < 1.37.0 (semver) |
| Dell | Inspiron 5401 AIO | Affected: 0, < 1.37.0 (semver) |
| Dell | Inspiron 5410 All-in-One | Affected: 0, < 1.35.0 (semver) |
| Dell | Inspiron 5510 | Affected: 0, < 2.39.0 (semver) |
| Dell | Inspiron 7700 All-In-One | Affected: 0, < 1.37.0 (semver) |
| Dell | Inspiron 7710 All-in-One | Affected: 0, < 1.35.0 (semver) |
| Dell | Latitude 3120 | Affected: 0, < 1.35.1 (semver) |
| Dell | Latitude 3140 | Affected: 0, < 1.28.1 (semver) |
| Dell | Latitude 3140 2in1 | Affected: 0, < 1.28.1 (semver) |
| Dell | Latitude 3320 | Affected: 0, < 1.41.0 (semver) |
| Dell | Latitude 3330 | Affected: 0, < 1.33.0 (semver) |
| Dell | Latitude 3340 | Affected: 0, < 1.29.0 (semver) |
| Dell | Latitude 3410 | Affected: 0, < 1.36.0 (semver) |
| Dell | Latitude 3420 | Affected: 0, < 1.46.0 (semver) |
| Dell | Latitude 3430 | Affected: 0, < 1.32.0 (semver) |
| Dell | Latitude 3440 | Affected: 0, < 1.29.0 (semver) |
| Dell | Latitude 3450 | Affected: 0, < 1.20.0 (semver) |
| Dell | Latitude 3510 | Affected: 0, < 1.36.0 (semver) |
| Dell | Latitude 3520 | Affected: 0, < 1.46.0 (semver) |
| Dell | Latitude 3530 | Affected: 0, < 1.32.0 (semver) |
| Dell | Latitude 3540 | Affected: 0, < 1.29.0 (semver) |
| Dell | Latitude 3550 | Affected: 0, < 1.20.0 (semver) |
Date Public
2025-07-21 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T17:16:03.575331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:34:39.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Essential PV14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Micro / QCM1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim / QCS1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower / QCT1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16 Area-51 AA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16X Aurora AC16251",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 18 Area-51 AA18250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Area-51 AAT225",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Aurora ACT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R6",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R7",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m18 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware M18 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x14 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware X16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3900",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3910/3911",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3990",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3991",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 14 DC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 14 Premium DA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 15 DC15250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 DC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 DC16251",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 Premium DA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G16 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G16 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G5 5000",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Plus PB13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Plus PB13255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Premium PA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Plus PB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Plus PB14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Premium PA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 15 Essential PV15250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 Plus PB16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 Plus PB16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Laptop PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Laptop PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 14 MC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 14 MC14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 16 MC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 16 MC16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Micro FCM2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Slim FCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Tower T2 FCT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Micro/Micro Plus QCM1250/QBM1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Rugged 13 RA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Rugged 14 RB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim Essential QVS1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower Essential QVT1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Slim ECS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Tower ECT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Tower Plus EBT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 13 5320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 13 5330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7420 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7430 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7440 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7610",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7620 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7630 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7640 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5420 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5430 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7720 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7730 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 Small Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030S",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3910",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5400/5401",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5401 AIO",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5410 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5510",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 7700 All-In-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 7710 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3120",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3140",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3140 2in1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3410",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3540",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Bill Demirkapi of the Microsoft Security Response Center for reporting this issue."
}
],
"datePublic": "2025-07-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access."
}
],
"value": "Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T18:32:52.672Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-36579",
"datePublished": "2026-04-16T16:05:32.561Z",
"dateReserved": "2025-04-15T21:30:44.885Z",
"dateUpdated": "2026-05-27T16:34:39.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3849 (GCVE-0-2025-3849)
Vulnerability from cvelistv5 – Published: 2025-04-21 23:31 – Updated: 2025-04-22 02:10
Title
YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change
Summary
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.305776 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.305776 | signature, permissions-required |
| https://vuldb.com/?submit.556283 | third-party-advisory |
| https://github.com/YXJ2018/SpringBoot-Vue-OnlineE… | exploit, issue-tracking |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| YXJ2018 | SpringBoot-Vue-OnlineExam | Affected: 1.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:09:40.911567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:10:06.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SpringBoot-Vue-OnlineExam",
"vendor": "YXJ2018",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lingmeng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In YXJ2018 SpringBoot-Vue-OnlineExam 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /api/studentPWD. Durch das Beeinflussen des Arguments studentId mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T23:31:04.814Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-305776 | YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.305776"
},
{
"name": "VDB-305776 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.305776"
},
{
"name": "Submit #556283 | YXJ2018 Examination system 1.0 Any user password modification",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.556283"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/YXJ2018/SpringBoot-Vue-OnlineExam/issues/74"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-21T15:53:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3849",
"datePublished": "2025-04-21T23:31:04.814Z",
"dateReserved": "2025-04-21T13:48:31.125Z",
"dateUpdated": "2025-04-22T02:10:06.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41251 (GCVE-0-2025-41251)
Vulnerability from cvelistv5 – Published: 2025-09-29 18:45 – Updated: 2026-02-26 17:47
Title
Weak password recovery vulnerability
Summary
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.
Impact: Username enumeration → credential brute force risk.
Attack Vector: Remote, unauthenticated.
Severity: Important.
CVSSv3: 8.1 (High).
Acknowledgments: Reported by the National Security Agency.
Affected Products: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
NSX-T 3.x
VMware Cloud Foundation (with NSX) 5.x, 4.5.x
Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).
Workarounds: None.
Severity
8.1 (High)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| vmware | NSX | Affected: VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x (custom) |
| | | Affected: VMware NSX-T - 3.x (custom) |
| | | Affected: VMware Cloud Foundation (with NSX) - 5.x, 4.5.x (custom) |
| | | Unaffected: VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287) (custom) |
Date Public
2025-09-29 18:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T03:55:13.799400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:50.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSX",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware NSX-T - 3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware Cloud Foundation (with NSX) - 5.x, 4.5.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-29T18:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T18:45:16.614Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password recovery vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41251",
"datePublished": "2025-09-29T18:45:16.614Z",
"dateReserved": "2025-04-16T09:30:25.625Z",
"dateUpdated": "2026-02-26T17:47:50.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4319 (GCVE-0-2025-4319)
Vulnerability from cvelistv5 – Published: 2026-01-23 12:23 – Updated: 2026-03-26 07:11
Title
Improper Access Control in Birebirsoft's Sufirmam
Summary
Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
9.4 (Critical)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Birebirsoft Software and Technology Solutions | Sufirmam | Affected: 0, ≤ 23012026 (custom) |
Date Public
2026-01-23 12:19
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T14:16:02.146387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T14:16:15.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Sufirmam",
"vendor": "Birebirsoft Software and Technology Solutions",
"versions": [
{
"lessThanOrEqual": "23012026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "H\u00fcseyin \u00dcZ\u00dcM"
}
],
"datePublic": "2026-01-23T12:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.\u003cp\u003eThis issue affects Sufirmam: through 23012026.\u0026nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
}
],
"value": "Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
},
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T07:11:15.102Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-26-0005"
}
],
"source": {
"advisory": "TR-26-0005",
"defect": [
"TR-26-0005"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Birebirsoft\u0027s Sufirmam",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-4319",
"datePublished": "2026-01-23T12:23:24.949Z",
"dateReserved": "2025-05-05T14:16:11.197Z",
"dateUpdated": "2026-03-26T07:11:15.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4320 (GCVE-0-2025-4320)
Vulnerability from cvelistv5 – Published: 2026-01-23 12:26 – Updated: 2026-03-26 07:12
Title
Information Disclosure in Birebirsoft's Sufirmam
Summary
Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
10 (Critical)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Birebirsoft Software and Technology Solutions | Sufirmam | Affected: 0, ≤ 23012026 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T14:14:05.876045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T14:15:47.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Sufirmam",
"vendor": "Birebirsoft Software and Technology Solutions",
"versions": [
{
"lessThanOrEqual": "23012026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "H\u00fcseyin \u00dcZ\u00dcM"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.\u003cp\u003eThis issue affects Sufirmam: through 23012026.\u0026nbsp;NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T07:12:04.900Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-26-0005"
}
],
"source": {
"advisory": "TR-26-0005",
"defect": [
"TR-26-0005"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Birebirsoft\u0027s Sufirmam",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-4320",
"datePublished": "2026-01-23T12:26:46.557Z",
"dateReserved": "2025-05-05T14:16:12.553Z",
"dateUpdated": "2026-03-26T07:12:04.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4552 (GCVE-0-2025-4552)
Vulnerability from cvelistv5 – Published: 2025-05-11 23:31 – Updated: 2025-05-12 15:05
Title
ContiNew Admin password unverified password change
Summary
A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.4 (Medium)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.308299 | vdb-entry |
| https://vuldb.com/?ctiid.308299 | signature, permissions-required |
| https://vuldb.com/?submit.567572 | third-party-advisory |
| https://github.com/uglory-gll/javasec/blob/main/c… | exploit |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | ContiNew Admin | Affected: 3.0 |
| | | Affected: 3.1 |
| | | Affected: 3.2 |
| | | Affected: 3.3 |
| | | Affected: 3.4 |
| | | Affected: 3.5 |
| | | Affected: 3.6.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T15:05:32.249946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:05:41.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ContiNew Admin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4"
},
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "uglory (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In ContiNew Admin bis 3.6.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /dev-api/system/user/1/password. Mit der Manipulation mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-11T23:31:04.342Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308299 | ContiNew Admin password unverified password change",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.308299"
},
{
"name": "VDB-308299 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.308299"
},
{
"name": "Submit #567572 | continew continew-admin 3.6.0 Logical loopholes",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.567572"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#21dev-apisystemuser1password-only-assigning-password-reset-permission-can-reset-the-super-administrator-password"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-10T17:50:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "ContiNew Admin password unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4552",
"datePublished": "2025-05-11T23:31:04.342Z",
"dateReserved": "2025-05-10T15:45:14.197Z",
"dateUpdated": "2025-05-12T15:05:41.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47646 (GCVE-0-2025-47646)
Vulnerability from cvelistv5 – Published: 2025-05-23 12:43 – Updated: 2026-04-29 09:51
Title
WordPress PSW Front-end Login & Registration plugin <= 1.13 - Broken Authentication Vulnerability
Summary
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.
Severity
9.8 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Gilblas Ngunte Possi | PSW Front-end Login & Registration | Affected: 0, ≤ 1.13 (custom) |
Date Public
2026-04-01 16:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T17:03:06.157744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T17:03:12.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "psw-login-and-registration",
"product": "PSW Front-end Login \u0026 Registration",
"vendor": "Gilblas Ngunte Possi",
"versions": [
{
"lessThanOrEqual": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:23.330Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login \u0026 Registration psw-login-and-registration allows Password Recovery Exploitation.\u003cp\u003eThis issue affects PSW Front-end Login \u0026 Registration: from n/a through \u003c= 1.13.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login \u0026 Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login \u0026 Registration: from n/a through \u003c= 1.13."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.265Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/psw-login-and-registration/vulnerability/wordpress-psw-front-end-login-registration-1-12-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress PSW Front-end Login \u0026 Registration plugin \u003c= 1.13 - Broken Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-47646",
"datePublished": "2025-05-23T12:43:23.517Z",
"dateReserved": "2025-05-07T10:45:05.653Z",
"dateUpdated": "2026-04-29T09:51:55.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4903 (GCVE-0-2025-4903)
Vulnerability from cvelistv5 – Published: 2025-05-19 00:31 – Updated: 2025-05-19 15:21
Title
D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change
Summary
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
5.3 (Medium)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.309459 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.309459 | signature, permissions-required |
| https://vuldb.com/?submit.578051 | third-party-advisory |
| https://github.com/at0de/my_vulns/blob/main/Dlink… | exploit |
| https://www.dlink.com/ | product |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| D-Link | DI-7003GV2 | Affected: 24.04.18D1 R(68125) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4903",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:51:21.159992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:21:59.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-7003GV2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "24.04.18D1 R(68125)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "153528990 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DI-7003GV2 24.04.18D1 R(68125) gefunden. Betroffen hiervon ist die Funktion sub_41F4F0 der Datei /H5/webgl.asp?tggl_port=0\u0026remote_management=0\u0026http_passwd=game\u0026exec_service=admin-restart. Durch das Manipulieren mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T00:31:04.582Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309459 | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309459"
},
{
"name": "VDB-309459 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309459"
},
{
"name": "Submit #578051 | D-Link DI-7003GV2 24.04.18D1 R(68125) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.578051"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/webgl_asp.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-17T15:11:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4903",
"datePublished": "2025-05-19T00:31:04.582Z",
"dateReserved": "2025-05-17T13:06:16.188Z",
"dateUpdated": "2025-05-19T15:21:59.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Phase: Architecture and Design
Description:
- Do not use standard weak security questions; use several security questions.
Mitigation
Phase: Architecture and Design
Description:
- Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Phase: Architecture and Design
Description:
- Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Phase: Architecture and Design
Description:
- Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Phase: Architecture and Design
Description:
- Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature that helps users recover their forgotten passwords in order to gain access to the system with the same privileges as the original user. Generally, password recovery schemes tend to be weak and insecure.