CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
CVE-2024-9486 (GCVE-0-2024-9486)
Vulnerability from cvelistv5 – Published: 2024-10-15 20:33 – Updated: 2024-10-16 18:56
VLAI
Title
VM images built with Image Builder and Proxmox provider use default credentials
Summary
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/128006 | vendor-advisoryissue-tracking |
| https://github.com/kubernetes-sigs/image-builder/… | patch |
| https://groups.google.com/g/kubernetes-security-a… | mailing-list |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Image Builder |
Affected:
0 , ≤ 0.1.37
(semver)
Unaffected: 0.1.38 |
|
| kubernetes | image_builder |
Affected:
0 , < 0.1.38
(semver)
cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:* |
Date Public
2024-10-14 15:25
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_builder",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "0.1.38",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:55:30.755505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:56:40.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Image Builder",
"repo": "https://github.com/kubernetes-sigs/image-builder",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "0.1.37",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.1.38"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicolai Rybnikar @rybnico from Rybnikar Enterprises GmbH."
}
],
"datePublic": "2024-10-14T15:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA security issue was discovered in the Kubernetes Image Builder versions \u0026lt;= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.\u003c/p\u003e"
}
],
"value": "A security issue was discovered in the Kubernetes Image Builder versions \u003c= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider."
}
],
"impacts": [
{
"capecId": "CAPEC-395",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "VM Images built via Proxmox provider"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:33:43.138Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"vendor-advisory",
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/128006"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes-sigs/image-builder/pull/1595"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.\u003c/p\u003e"
}
],
"value": "Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "VM images built with Image Builder and Proxmox provider use default credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to upgrading, this vulnerability can be mitigated by disabling the builder account on affected VMs:\u003cbr\u003eusermod -L builder\u003c/p\u003e"
}
],
"value": "Prior to upgrading, this vulnerability can be mitigated by disabling the builder account on affected VMs:\nusermod -L builder"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-9486",
"datePublished": "2024-10-15T20:33:43.138Z",
"dateReserved": "2024-10-03T16:33:36.995Z",
"dateUpdated": "2024-10-16T18:56:40.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9594 (GCVE-0-2024-9594)
Vulnerability from cvelistv5 – Published: 2024-10-15 20:37 – Updated: 2024-10-16 16:21
VLAI
Title
VM images built with Image Builder with some providers use default credentials during builds
Summary
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/128007 | vendor-advisoryissue-tracking |
| https://github.com/kubernetes-sigs/image-builder/… | patch |
| https://groups.google.com/g/kubernetes-security-a… | mailing-list |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kubernetes | Image Builder |
Affected:
0 , ≤ 0.1.37
(semver)
Unaffected: 0.1.38 |
|
| kubernetes | image_builder |
Affected:
0 , < 0.1.38
(semver)
cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:* |
Date Public
2024-10-14 15:25
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_builder",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "0.1.38",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T16:20:46.180323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:21:56.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Image Builder",
"repo": "https://github.com/kubernetes-sigs/image-builder",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "0.1.37",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.1.38"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicolai Rybnikar @rybnico from Rybnikar Enterprises GmbH."
}
],
"datePublic": "2024-10-14T15:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA security issue was discovered in the Kubernetes Image Builder versions \u0026lt;= v0.1.37 where default credentials are enabled during the image build process\u0026nbsp;when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A security issue was discovered in the Kubernetes Image Builder versions \u003c= v0.1.37 where default credentials are enabled during the image build process\u00a0when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring."
}
],
"impacts": [
{
"capecId": "CAPEC-395",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "VM Images built via Nutanix, OVA, QEMU or raw provider"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:37:01.308Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"vendor-advisory",
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/128007"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes-sigs/image-builder/pull/1596"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.\u003c/p\u003e"
}
],
"value": "Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "VM images built with Image Builder with some providers use default credentials during builds",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-9594",
"datePublished": "2024-10-15T20:37:01.308Z",
"dateReserved": "2024-10-07T16:39:37.106Z",
"dateUpdated": "2024-10-16T16:21:56.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9643 (GCVE-0-2024-9643)
Vulnerability from cvelistv5 – Published: 2025-02-04 14:47 – Updated: 2025-11-22 01:43
VLAI
Title
Four-Faith F3x36 Hidden Debug Credentials
Summary
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/four-faith-hard-… | third-party-advisory |
| https://talosintelligence.com/vulnerability_repor… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Four-Faith | F3x36 |
Affected:
2.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:51:11.212644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:51:15.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F3x36",
"vendor": "Four-Faith",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:four-faith:f3x24:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Four-Faith\u0026nbsp;F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.\u003cbr\u003e"
}
],
"value": "The Four-Faith\u00a0F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T01:43:40.757Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/four-faith-hard-coded-creds"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Four-Faith F3x36 Hidden Debug Credentials",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-9643",
"datePublished": "2025-02-04T14:47:40.214Z",
"dateReserved": "2024-10-08T18:08:00.149Z",
"dateUpdated": "2025-11-22T01:43:40.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0642 (GCVE-0-2025-0642)
Vulnerability from cvelistv5 – Published: 2025-10-02 12:37 – Updated: 2025-10-02 15:52
VLAI
Title
Hard-coded Credentials in PosCube's Assist
Summary
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PosCube Hardware Software and Consulting Ltd. Co. | Assist |
Affected:
0 , ≤ 10.02.2025
(custom)
|
Date Public
2025-10-02 12:32
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T13:33:34.847053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:52:06.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Assist",
"vendor": "PosCube Hardware Software and Consulting Ltd. Co.",
"versions": [
{
"lessThanOrEqual": "10.02.2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u015eahnur Eren ALO\u011eLU"
}
],
"datePublic": "2025-10-02T12:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.\u003cp\u003eThis issue affects Assist: through 10.02.2025.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T13:00:16.361Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0309"
}
],
"source": {
"advisory": "TR-25-0309",
"defect": [
"TR-25-0309"
],
"discovery": "UNKNOWN"
},
"title": "Hard-coded Credentials in PosCube\u0027s Assist",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-0642",
"datePublished": "2025-10-02T12:37:29.648Z",
"dateReserved": "2025-01-22T13:58:08.342Z",
"dateUpdated": "2025-10-02T15:52:06.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1029 (GCVE-0-2025-1029)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:16 – Updated: 2025-12-18 15:33
VLAI
Title
Hardcoded Credentials in Utarit Informatics' SoliClub
Summary
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Utarit Information Services Inc. | SoliClub |
Affected:
5.2.4 , < 5.3.7
(custom)
|
Date Public
2025-12-18 14:13
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:30:59.536160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:33:10.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SoliClub",
"vendor": "Utarit Information Services Inc.",
"versions": [
{
"lessThan": "5.3.7",
"status": "affected",
"version": "5.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mustafa An\u0131l YILDIRIM"
}
],
"datePublic": "2025-12-18T14:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.\u003cp\u003eThis issue affects SoliClub: from 5.2.4 before 5.3.7.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:16:22.136Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0466"
}
],
"source": {
"advisory": "TR-25-0466",
"defect": [
"TR-25-0466"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Credentials in Utarit Informatics\u0027 SoliClub",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-1029",
"datePublished": "2025-12-18T14:16:22.136Z",
"dateReserved": "2025-02-04T14:41:36.218Z",
"dateUpdated": "2025-12-18T15:33:10.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10609 (GCVE-0-2025-10609)
Vulnerability from cvelistv5 – Published: 2025-10-03 12:02 – Updated: 2025-10-03 13:51
VLAI
Title
Hardcoded Credentials in Logo Software's TigerWings ERP
Summary
Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Logo Software Inc. | TigerWings ERP |
Affected:
01.01.00 , < 3.03.00
(custom)
|
Date Public
2025-10-03 13:12
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:51:31.960229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:51:42.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TigerWings ERP",
"vendor": "Logo Software Inc.",
"versions": [
{
"lessThan": "3.03.00",
"status": "affected",
"version": "01.01.00",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oguzhan Karasu"
}
],
"datePublic": "2025-10-03T13:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.\u003cp\u003eThis issue affects TigerWings ERP: from 01.01.00 before 3.03.00.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable.This issue affects TigerWings ERP: from 01.01.00 before 3.03.00."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:49:48.274Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0313"
}
],
"source": {
"advisory": "TR-25-0313",
"defect": [
"TR-25-0313"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Credentials in Logo Software\u0027s TigerWings ERP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-10609",
"datePublished": "2025-10-03T12:02:41.289Z",
"dateReserved": "2025-09-17T07:09:24.886Z",
"dateUpdated": "2025-10-03T13:51:42.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10639 (GCVE-0-2025-10639)
Vulnerability from cvelistv5 – Published: 2025-10-21 11:36 – Updated: 2025-11-03 17:31
VLAI
Title
Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional
Summary
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchanging accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server").
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://r.sec-consult.com/workexaminer | third-party-advisory |
| http://seclists.org/fulldisclosure/2025/Oct/19 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EfficientLab | WorkExaminer Professional |
Affected:
<= 4.0.0.52001
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T19:01:35.557725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T19:01:38.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:31:34.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Oct/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WorkExaminer Professional",
"vendor": "EfficientLab",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.0.0.52001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Niemann, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Thorger Jansen, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Marius Renner, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe WorkExaminer Professional server installation comes with an FTP \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eserver that is used to receive the client logs on TCP port 12304.\u0026nbsp;\u003c/span\u003eAn attacker with network access to this port\u0026nbsp;can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\\SYSTEM on the server by exchanging accessible service binaries\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the WorkExaminer installation directory (e.g. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\"C:\\Program File (x86)\\Work Examiner Professional Server\").\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304.\u00a0An attacker with network access to this port\u00a0can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\\SYSTEM on the server by exchanging accessible service binaries\u00a0in the WorkExaminer installation directory (e.g. \"C:\\Program File (x86)\\Work Examiner Professional Server\")."
}
],
"impacts": [
{
"capecId": "CAPEC-642",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-642 Replace Binaries"
}
]
},
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T11:36:10.097Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/workexaminer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vendor responded to the submission of our security vulnerabilities by stating that they are not within the scope of their bug bounty program. After telling them that we do not care about the bug bounty but a fix for the issues, we did not receive any further response.\u003cbr\u003e\u003cbr\u003eHence, there is no fix available for the identified security issues and we assume that this product is unmaintained. We urge customers to contact EfficientLab regarding the issues and a potential solution, such as using another product.\u003cbr\u003e"
}
],
"value": "The vendor responded to the submission of our security vulnerabilities by stating that they are not within the scope of their bug bounty program. After telling them that we do not care about the bug bounty but a fix for the issues, we did not receive any further response.\n\nHence, there is no fix available for the identified security issues and we assume that this product is unmaintained. We urge customers to contact EfficientLab regarding the issues and a potential solution, such as using another product."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-10639",
"datePublished": "2025-10-21T11:36:10.097Z",
"dateReserved": "2025-09-17T14:05:15.138Z",
"dateUpdated": "2025-11-03T17:31:34.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10681 (GCVE-0-2025-10681)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:26 – Updated: 2026-04-06 14:39
VLAI
Title
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
Summary
Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Gardyn | Mobile Application |
Affected:
0 , < 2.11.0
(custom)
|
|
| Gardyn | Cloud API |
Affected:
0 , < 2.12.2026
(custom)
|
Date Public
2026-04-02 16:39
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:37:51.581939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:39:20.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mobile Application",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T16:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers."
}
],
"value": "Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:26:12.913Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-10681",
"datePublished": "2026-04-03T20:26:12.913Z",
"dateReserved": "2025-09-18T11:58:39.111Z",
"dateUpdated": "2026-04-06T14:39:20.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10850 (GCVE-0-2025-10850)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:47 – Updated: 2026-04-08 17:14
VLAI
Title
Felan Framework <= 1.1.4 - Hardcoded Credentials
Summary
The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they registered with facebook or google social login and did not change their password. CVE-2025-23504 is likely a duplicate of this issue.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RiceTheme | Felan Framework |
Affected:
0 , ≤ 1.1.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:32:13.594518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:37:09.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Felan Framework",
"vendor": "RiceTheme",
"versions": [
{
"lessThanOrEqual": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the \u0027fb_ajax_login_or_register\u0027 function and in the \u0027google_ajax_login_or_register\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they registered with facebook or google social login and did not change their password. CVE-2025-23504 is likely a duplicate of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:32.471Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab4c7656-544c-4f2f-a42f-264ac90e3b61?source=cve"
},
{
"url": "https://themeforest.net/item/felan-freelance-marketplace-and-job-board-wordpress-theme/53612955"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-22T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-15T18:07:35.000Z",
"value": "Disclosed"
}
],
"title": "Felan Framework \u003c= 1.1.4 - Hardcoded Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10850",
"datePublished": "2025-10-16T06:47:30.221Z",
"dateReserved": "2025-09-22T06:50:24.943Z",
"dateUpdated": "2026-04-08T17:14:32.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11126 (GCVE-0-2025-11126)
Vulnerability from cvelistv5 – Published: 2025-09-29 00:02 – Updated: 2025-09-29 12:00
VLAI
Title
Apeman ID71 system.ini hard-coded credentials
Summary
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
9.8 (Critical)
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.326209 | vdb-entry |
| https://vuldb.com/?ctiid.326209 | signaturepermissions-required |
| https://vuldb.com/?submit.654168 | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T11:59:48.426627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T12:00:34.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ID71",
"vendor": "Apeman",
"versions": [
{
"status": "affected",
"version": "218.53.203.117"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "juliourena (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Apeman ID71 218.53.203.117 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /system/www/system.ini. Durch das Beeinflussen mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T00:02:05.583Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326209 | Apeman ID71 system.ini hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.326209"
},
{
"name": "VDB-326209 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326209"
},
{
"name": "Submit #654168 | APEMAN IP CAMERA Model ID71 sysversion: 218.53.203.117 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.654168"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-27T20:14:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apeman ID71 system.ini hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11126",
"datePublished": "2025-09-29T00:02:05.583Z",
"dateReserved": "2025-09-27T18:09:03.208Z",
"dateUpdated": "2025-09-29T12:00:34.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
- In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
Mitigation
Phase: Architecture and Design
Description:
- If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
Mitigation
Phase: Architecture and Design
Description:
- For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
- Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Phase: Architecture and Design
Description:
- For front-end to back-end connections: Three solutions are possible, although none are complete.
- The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
- Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
- Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable
An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.
CAPEC-70: Try Common or Default Usernames and Passwords
An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.