CVE-2025-4558

Summary

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

Affected Software

VendorProductVersion RangeStatus
WormHole TechGPM0 < 202502affected

Weaknesses

  • CWE-620: CWE-620 Unverified Password Change

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References