CVE-2025-3091

Published: Jun 24, 2025Modified: Jun 26, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://certvde.com/en/advisories/VDE-2025-035

Source: info@cert.vde.com

https://certvde.com/en/advisories/VDE-2025-038

Source: info@cert.vde.com

Timeline

No history available yet.