CVE-2025-32440

EPSS 0.1%
Veröffentlicht 27.05.2025 21:59:40
Zuletzt bearbeitet 11.07.2025 18:58:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netalertx ≫ Netalertx Version < 25.4.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.281

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx

Vendor Advisory

https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-32440

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32440

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32440

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32440