← back
CVE-2025-41257

Suprema BioStar 2 Insecure Password Change

CVSS 4.8 MEDIUMEPSS 0.2%CWE-20
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Suprema · BioStar 2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Changehttps://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp