← voltar
CVE-2025-4558

WormHole Tech GPM - Unverified Password Change

CVSS 9.3 CRITICALEPSS 0.4%CWE-620
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
WormHole Tech · GPM

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html