CVE-2025-48461

Medium

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover…

CSA·CWE-341·Published 2025-06-24

CVSS

5.0

EPSS

0.00

KEV

Exploits

cve.orgen

268 chars

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

NVDen

268 chars

NVDes

325 chars

La explotación exitosa de la vulnerabilidad podría permitir a un atacante no autenticado realizar conjeturas por fuerza bruta y tomar el control de la cuenta, ya que las cookies de sesión son predecibles, lo que potencialmente permite a los atacantes obtener acceso de root, administrador o usuario y restablecer contraseñas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.0	—	—	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	5.0	1.6	3.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L