CVE-2025-52689

{"id": "CVE-2025-52689", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-16T07:15:23.190", "references": [{"url": "https://blog.uhg.sg/article/24.html", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}, {"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}, {"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}, {"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}, {"lang": "es", "value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir que un atacante no autenticado obtenga una ID de sesi\u00f3n v\u00e1lida con privilegios de administrador falsificando la solicitud de inicio de sesi\u00f3n, lo que potencialmente permitir\u00eda al atacante modificar el comportamiento del punto de acceso."}], "lastModified": "2025-07-16T15:15:32.020", "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}