
Description

A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.

PUBLISHED Reserved 2025-12-15 | Published 2026-01-22 | Updated 2026-01-26 | Assigner icscert




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-620 Unverified Password Change

Product status

Default status
unaffected

20200630 (custom) before 20241112
affected

Default status
unaffected

20200630 (custom) before 20241112
affected

Default status
unaffected

20220413 (custom) before 20240919
affected

Default status
unaffected

20230308 (custom) before 20250827
affected

Credits

Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-26-022-05 (government-resource)

cve.org (CVE-2025-14751)

nvd.nist.gov (CVE-2025-14751)
