CVE-2025-4526 (GCVE-0-2025-4526)
Vulnerability from cvelistv5 – Published: 2025-05-11 01:00 – Updated: 2025-05-12 14:38
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
4.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dígitro | NGC Explorer |
Affected:
3.44.15
|
Credits
j369 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:38:09.297067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:38:15.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration Page"
],
"product": "NGC Explorer",
"vendor": "D\u00edgitro",
"versions": [
{
"status": "affected",
"version": "3.44.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j369 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in D\u00edgitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in D\u00edgitro NGC Explorer 3.44.15 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Configuration Page. Durch das Manipulieren mit unbekannten Daten kann eine missing password field masking-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-549",
"description": "Missing Password Field Masking",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-11T01:00:06.924Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-308271 | D\u00edgitro NGC Explorer Configuration Page missing password field masking",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.308271"
},
{
"name": "VDB-308271 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.308271"
},
{
"name": "Submit #565307 | D\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.565307"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-10T07:35:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "D\u00edgitro NGC Explorer Configuration Page missing password field masking"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4526",
"datePublished": "2025-05-11T01:00:06.924Z",
"dateReserved": "2025-05-10T05:29:51.012Z",
"dateUpdated": "2025-05-12T14:38:15.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4526\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-05-11T01:15:52.000\",\"lastModified\":\"2025-11-10T15:39:31.857\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability, which was classified as problematic, was found in D\u00edgitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en D\u00edgitro NGC Explorer 3.44.15. Esta afecta a una parte desconocida de la p\u00e1gina de configuraci\u00f3n del componente. La manipulaci\u00f3n provoca la omisi\u00f3n del enmascaramiento del campo de contrase\u00f1a. Es posible iniciar el ataque puede ejecutarse en remoto. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-549\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digitro:ngc_explorer:3.44.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62990A8-47F0-4E03-9119-1980C3AB230E\"}]}]}],\"references\":[{\"url\":\"https://vuldb.com/?ctiid.308271\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.308271\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.565307\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4526\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-12T14:38:09.297067Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-12T14:38:12.240Z\"}}], \"cna\": {\"title\": \"D\\u00edgitro NGC Explorer Configuration Page missing password field masking\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"j369 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"D\\u00edgitro\", \"modules\": [\"Configuration Page\"], \"product\": \"NGC Explorer\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.44.15\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-05-10T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-05-10T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-05-10T07:35:06.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.308271\", \"name\": \"VDB-308271 | D\\u00edgitro NGC Explorer Configuration Page missing password field masking\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.308271\", \"name\": \"VDB-308271 | CTI Indicators (IOB, IOC, TTP)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.565307\", \"name\": \"Submit #565307 | D\\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File\", \"tags\": [\"third-party-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability, which was classified as problematic, was found in D\\u00edgitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine problematische Schwachstelle in D\\u00edgitro NGC Explorer 3.44.15 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Configuration Page. Durch das Manipulieren mit unbekannten Daten kann eine missing password field masking-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk angegangen werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-549\", \"description\": \"Missing Password Field Masking\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-05-11T01:00:06.924Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4526\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-12T14:38:15.234Z\", \"dateReserved\": \"2025-05-10T05:29:51.012Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-05-11T01:00:06.924Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…