CVE-2025-22375

An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.

CVSS

No CVSS.

References

Link	Resource
https://csirt.divd.nl/CVE-2025-22375
https://csirt.divd.nl/DIVD-2024-00043/

Configurations

No configuration.

History

11 Apr 2025, 15:39

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad de omisión de autenticación en CyberAudit-Web de Videx. Mediante la explotación de un fallo lógico, un atacante podría crear una sesión válida sin ninguna credencial. Esta vulnerabilidad ha sido corregida en versiones posteriores a la 9.5 y se ha puesto un parche a disposición de todas las instancias de CyberAudit-Web, incluidas las versiones en fin de mantenimiento (EOM). Cualquier persona que necesite ayuda para resolver este problema puede comunicarse con support@videx.com para obtener asistencia.

10 Apr 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-10 11:15

Updated : 2025-04-11 15:39

NVD link : CVE-2025-22375

Mitre link : CVE-2025-22375

CVE.ORG link : CVE-2025-22375

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

{"id": "CVE-2025-22375", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 9.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-10T11:15:45.510", "references": [{"url": "https://csirt.divd.nl/CVE-2025-22375", "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2024-00043/", "source": "csirt@divd.nl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5\u00a0and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en CyberAudit-Web de Videx. Mediante la explotaci\u00f3n de un fallo l\u00f3gico, un atacante podr\u00eda crear una sesi\u00f3n v\u00e1lida sin ninguna credencial. Esta vulnerabilidad ha sido corregida en versiones posteriores a la 9.5 y se ha puesto un parche a disposici\u00f3n de todas las instancias de CyberAudit-Web, incluidas las versiones en fin de mantenimiento (EOM). Cualquier persona que necesite ayuda para resolver este problema puede comunicarse con support@videx.com para obtener asistencia."}], "lastModified": "2025-04-11T15:39:52.920", "sourceIdentifier": "csirt@divd.nl"}