8.2
CVE-2025-25060
- EPSS 0.47%
- Veröffentlicht 02.04.2025 04:15:34
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHammock Corporation
≫
Produkt
AssetView
Version
prior to Ver 13.2.4.3408 (13.2.4O)
Status
affected
HerstellerHammock Corporation
≫
Produkt
AssetView CLOUD
Version
prior to Ver 13.2.4.3408 (13.2.4O)
Status
affected
HerstellerHammock Corporation
≫
Produkt
AssetView CLOUD
Version
prior to Ver 13.3.4.3004 (13.3.4K)
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.367 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| vultures@jpcert.or.jp | 8.2 | 3.9 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://jvn.jp/en/jp/JVN26321838/
https://www.hammock.jp/assetview/info/250325.html