CVE-2025-4558
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WormHole Tech | GPM | 0 < 202502 | affected |
Weaknesses
- CWE-620: CWE-620 Unverified Password Change
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html
- https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.