CVE-2025-11322

Summary

A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
MangatiNovoSGA2.2.0affected
MangatiNovoSGA2.2.1affected
MangatiNovoSGA2.2.2affected
MangatiNovoSGA2.2.3affected
MangatiNovoSGA2.2.4affected
MangatiNovoSGA2.2.5affected
MangatiNovoSGA2.2.6affected
MangatiNovoSGA2.2.7affected
MangatiNovoSGA2.2.8affected
MangatiNovoSGA2.2.9affected
MangatiNovoSGA2.2.10affected
MangatiNovoSGA2.2.11affected
MangatiNovoSGA2.2.12affected

Weaknesses

  • CWE-521: Weak Password Requirements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References