CVE-2025-41257

Suprema BioStar 2 Insecure Password Change

CVSS 4.8 MEDIUMEPSS 0.2%CWE-20

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Produtos afetados

Suprema · BioStar 2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Change https://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp