Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for NGC Explorer by Dígitro
CVE-2025-4528 (GCVE-0-2025-4528)
Vulnerability from nvd – Published: 2025-05-11 03:00 – Updated: 2026-05-27 14:34
VLAI
Title
Dígitro NGC Explorer session expiration
Summary
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Session Expiration
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308273 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308273/cti | signaturepermissions-required |
| https://vuldb.com/submit/565309 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:33:25.278396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:33:36.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:34:18.093Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308273 | D\u00edgitro NGC Explorer session expiration",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308273"
},
{
"name": "VDB-308273 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308273/cti"
},
{
"name": "Submit #565309 | D\u00edgitro NGC Explorer 3.44.15 Improper session token expiration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565309"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer session expiration"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4528",
"datePublished": "2025-05-11T03:00:06.849Z",
"dateReserved": "2025-05-10T05:30:00.544Z",
"dateUpdated": "2026-05-27T14:34:18.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4527 (GCVE-0-2025-4527)
Vulnerability from nvd – Published: 2025-05-11 02:00 – Updated: 2026-05-27 14:33
VLAI
Title
Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
Summary
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308272 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308272/cti | signaturepermissions-required |
| https://vuldb.com/submit/565308 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:37:44.613444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:37:50.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"modules": [
"Password Transmission Handler"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:33:40.761Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308272 | D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308272"
},
{
"name": "VDB-308272 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308272/cti"
},
{
"name": "Submit #565308 | D\u00edgitro NGC Explorer 3.44.15 Improper client-side encryption implementation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565308"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4527",
"datePublished": "2025-05-11T02:00:06.268Z",
"dateReserved": "2025-05-10T05:29:57.658Z",
"dateUpdated": "2026-05-27T14:33:40.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4526 (GCVE-0-2025-4526)
Vulnerability from nvd – Published: 2025-05-11 01:00 – Updated: 2026-05-27 14:33
VLAI
Title
Dígitro NGC Explorer Configuration missing password field masking
Summary
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308271 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308271/cti | signaturepermissions-required |
| https://vuldb.com/submit/565307 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:38:09.297067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:38:15.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"modules": [
"Configuration Page"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "Missing Password Field Masking",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:33:37.053Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308271 | D\u00edgitro NGC Explorer Configuration missing password field masking",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308271"
},
{
"name": "VDB-308271 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308271/cti"
},
{
"name": "Submit #565307 | D\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565307"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer Configuration missing password field masking"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4526",
"datePublished": "2025-05-11T01:00:06.924Z",
"dateReserved": "2025-05-10T05:29:51.012Z",
"dateUpdated": "2026-05-27T14:33:37.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4528 (GCVE-0-2025-4528)
Vulnerability from cvelistv5 – Published: 2025-05-11 03:00 – Updated: 2026-05-27 14:34
VLAI
Title
Dígitro NGC Explorer session expiration
Summary
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Session Expiration
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308273 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308273/cti | signaturepermissions-required |
| https://vuldb.com/submit/565309 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:33:25.278396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:33:36.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:34:18.093Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308273 | D\u00edgitro NGC Explorer session expiration",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308273"
},
{
"name": "VDB-308273 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308273/cti"
},
{
"name": "Submit #565309 | D\u00edgitro NGC Explorer 3.44.15 Improper session token expiration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565309"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer session expiration"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4528",
"datePublished": "2025-05-11T03:00:06.849Z",
"dateReserved": "2025-05-10T05:30:00.544Z",
"dateUpdated": "2026-05-27T14:34:18.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4527 (GCVE-0-2025-4527)
Vulnerability from cvelistv5 – Published: 2025-05-11 02:00 – Updated: 2026-05-27 14:33
VLAI
Title
Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
Summary
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308272 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308272/cti | signaturepermissions-required |
| https://vuldb.com/submit/565308 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:37:44.613444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:37:50.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"modules": [
"Password Transmission Handler"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:33:40.761Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308272 | D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308272"
},
{
"name": "VDB-308272 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308272/cti"
},
{
"name": "Submit #565308 | D\u00edgitro NGC Explorer 3.44.15 Improper client-side encryption implementation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565308"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4527",
"datePublished": "2025-05-11T02:00:06.268Z",
"dateReserved": "2025-05-10T05:29:57.658Z",
"dateUpdated": "2026-05-27T14:33:40.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4526 (GCVE-0-2025-4526)
Vulnerability from cvelistv5 – Published: 2025-05-11 01:00 – Updated: 2026-05-27 14:33
VLAI
Title
Dígitro NGC Explorer Configuration missing password field masking
Summary
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/308271 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/308271/cti | signaturepermissions-required |
| https://vuldb.com/submit/565307 | third-party-advisory |
| https://digitro.com/recomendacao-10-2026-ctir-gov/ | patch |
| https://www.gov.br/ctir/pt-br/assuntos/alertas-e-… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.0
Affected: 3.44.1 Affected: 3.44.2 Affected: 3.44.3 Affected: 3.44.4 Affected: 3.44.5 Affected: 3.44.6 Affected: 3.44.7 Affected: 3.44.8 Affected: 3.44.9 Affected: 3.44.10 Affected: 3.44.11 Affected: 3.44.12 Affected: 3.44.13 Affected: 3.44.14 Affected: 3.44.15 Affected: 3.48.0 Affected: 3.48.1 Affected: 3.48.2 Affected: 3.48.3 Affected: 3.48.4 Affected: 3.48.5 Affected: 3.48.6 Affected: 3.48.7 Affected: 3.48.8 Affected: 3.48.9 Affected: 3.48.10 Affected: 3.48.11 Affected: 3.48.12 Affected: 3.48.13 Affected: 3.48.14 Affected: 3.48.15 Affected: 3.48.16 Affected: 3.48.17 Affected: 3.48.18 Affected: 3.48.19 Affected: 3.48.20 Affected: 3.48.21 Unaffected: 3.48.22 cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:38:09.297067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:38:15.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
],
"modules": [
"Configuration Page"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.0"
},
{
"status": "affected",
"version": "3.44.1"
},
{
"status": "affected",
"version": "3.44.2"
},
{
"status": "affected",
"version": "3.44.3"
},
{
"status": "affected",
"version": "3.44.4"
},
{
"status": "affected",
"version": "3.44.5"
},
{
"status": "affected",
"version": "3.44.6"
},
{
"status": "affected",
"version": "3.44.7"
},
{
"status": "affected",
"version": "3.44.8"
},
{
"status": "affected",
"version": "3.44.9"
},
{
"status": "affected",
"version": "3.44.10"
},
{
"status": "affected",
"version": "3.44.11"
},
{
"status": "affected",
"version": "3.44.12"
},
{
"status": "affected",
"version": "3.44.13"
},
{
"status": "affected",
"version": "3.44.14"
},
{
"status": "affected",
"version": "3.44.15"
},
{
"status": "affected",
"version": "3.48.0"
},
{
"status": "affected",
"version": "3.48.1"
},
{
"status": "affected",
"version": "3.48.2"
},
{
"status": "affected",
"version": "3.48.3"
},
{
"status": "affected",
"version": "3.48.4"
},
{
"status": "affected",
"version": "3.48.5"
},
{
"status": "affected",
"version": "3.48.6"
},
{
"status": "affected",
"version": "3.48.7"
},
{
"status": "affected",
"version": "3.48.8"
},
{
"status": "affected",
"version": "3.48.9"
},
{
"status": "affected",
"version": "3.48.10"
},
{
"status": "affected",
"version": "3.48.11"
},
{
"status": "affected",
"version": "3.48.12"
},
{
"status": "affected",
"version": "3.48.13"
},
{
"status": "affected",
"version": "3.48.14"
},
{
"status": "affected",
"version": "3.48.15"
},
{
"status": "affected",
"version": "3.48.16"
},
{
"status": "affected",
"version": "3.48.17"
},
{
"status": "affected",
"version": "3.48.18"
},
{
"status": "affected",
"version": "3.48.19"
},
{
"status": "affected",
"version": "3.48.20"
},
{
"status": "affected",
"version": "3.48.21"
},
{
"status": "unaffected",
"version": "3.48.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "Missing Password Field Masking",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:33:37.053Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308271 | D\u00edgitro NGC Explorer Configuration missing password field masking",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/308271"
},
{
"name": "VDB-308271 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/308271/cti"
},
{
"name": "Submit #565307 | D\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/565307"
},
{
"tags": [
"patch"
],
"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
},
{
"tags": [
"related"
],
"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-27T16:38:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer Configuration missing password field masking"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4526",
"datePublished": "2025-05-11T01:00:06.924Z",
"dateReserved": "2025-05-10T05:29:51.012Z",
"dateUpdated": "2026-05-27T14:33:37.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}