CVE-2025-59453

Summary

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.

Affected Software

VendorProductVersion RangeStatus
clickstudiosPasswordstate0 < 9.9 Build 9972affected

Weaknesses

  • CWE-669: CWE-669 Incorrect Resource Transfer Between Spheres

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References