CVE Catalog

CVE-2025-69929

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

A vulnerability in N3uron Web User Interface version 1.21.7-240207.1047 allows a remote attacker to escalate privileges by hashing passwords on the client side using the MD5 algorithm over a predictable string format.

Risk Assessment

An attacker can gain unauthorized access to higher-privileged accounts, potentially leading to system compromise and data confidentiality breaches.

Recommendation

Immediately update N3uron Web User Interface to the latest version and implement server-side password hashing using a strong algorithm (e.g., bcrypt).

Original NVD description (English source)

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format

Vulnerability data from NVD (NIST) · CISA KEV · EPSS