CVE-2025-4552

Exploit

EPSS 0.43%
Veröffentlicht 11.05.2025 23:31:04
Zuletzt bearbeitet 10.11.2025 15:00:19
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

ContiNew Admin password unverified password change

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Continew ≫ Continew Admin Version <= 3.6.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.344

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P

CWE-620 Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://vuldb.com/?id.308299

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.308299

VDB Entry

Permissions Required

https://vuldb.com/?submit.567572

Third Party Advisory

VDB Entry

https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#21dev-apisystemuser1password-only-assigning-password-reset-permission-can-reset-the-super-administrator-password

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-4552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4552

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-4552