Search criteria
2 vulnerabilities found for Pivot client application by MAXHUB
CVE-2025-53704 (GCVE-0-2025-53704)
Vulnerability from cvelistv5 – Published: 2025-12-04 21:44 – Updated: 2025-12-05 19:21
VLAI?
Title
MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
Summary
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MAXHUB | Pivot client application |
Affected:
0 , < 1.36.2
(custom)
Unaffected: 1.36.2 |
Credits
Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T19:21:05.023674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T19:21:16.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pivot client application",
"vendor": "MAXHUB",
"versions": [
{
"lessThan": "1.36.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.36.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.\u003c/span\u003e"
}
],
"value": "The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:44:06.466Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.maxhub.com/en/support/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.maxhub.com/en/support/\"\u003eMAXHUB support page.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "MAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the MAXHUB support page. https://www.maxhub.com/en/support/"
}
],
"source": {
"advisory": "ICSA-25-338-02",
"discovery": "UNKNOWN"
},
"title": "MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53704",
"datePublished": "2025-12-04T21:44:06.466Z",
"dateReserved": "2025-07-30T19:03:10.106Z",
"dateUpdated": "2025-12-05T19:21:16.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53704 (GCVE-0-2025-53704)
Vulnerability from nvd – Published: 2025-12-04 21:44 – Updated: 2025-12-05 19:21
VLAI?
Title
MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
Summary
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MAXHUB | Pivot client application |
Affected:
0 , < 1.36.2
(custom)
Unaffected: 1.36.2 |
Credits
Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T19:21:05.023674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T19:21:16.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pivot client application",
"vendor": "MAXHUB",
"versions": [
{
"lessThan": "1.36.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.36.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.\u003c/span\u003e"
}
],
"value": "The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T21:44:06.466Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.maxhub.com/en/support/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.maxhub.com/en/support/\"\u003eMAXHUB support page.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "MAXHUB recommends users to upgrade the Pivot client application to v1.36.2 or newer. For more information, see the MAXHUB support page. https://www.maxhub.com/en/support/"
}
],
"source": {
"advisory": "ICSA-25-338-02",
"discovery": "UNKNOWN"
},
"title": "MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-53704",
"datePublished": "2025-12-04T21:44:06.466Z",
"dateReserved": "2025-07-30T19:03:10.106Z",
"dateUpdated": "2025-12-05T19:21:16.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}