
Description

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw in combination with other vulnerabilities can lead to unauthorized account access and potential system compromise.
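Added example (not part of the CVE record and not Suprema's code): a minimal password-change handler that exhibits the weakness the description names, beside a hardened handler that re-authenticates with the current password, rejects trivial replacements and revokes the account's other sessions. The in-memory store, the session model, the password policy and all function names are assumptions for the illustration; the only fact taken from the record is that the current password is not required. The demo shows why that matters in a chain: an attacker who obtains nothing more than a live session (through some other flaw) can take the account over on the weak endpoint but not on the hardened one.

```python
"""Added illustration (not BioStar 2 code): password change without, and with,
re-authentication.  Store, session model and names are assumptions for the demo."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (current OWASP guidance)
MIN_PASSWORD_LENGTH = 12      # assumption: demo policy, not a BioStar 2 setting


def hash_password(password, salt=b""):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the candidate's digest against the stored one."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class UserStore:
    """In-memory user table: username -> {salt, hash, sessions}."""

    def __init__(self):
        self.users = {}

    def add_user(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "sessions": set()}

    def login(self, username, password):
        """Return a session token on success, None on failure."""
        user = self.users.get(username)
        if user is None or not verify_password(password, user["salt"], user["hash"]):
            return None
        token = secrets.token_urlsafe(32)
        user["sessions"].add(token)
        return token

    def session_valid(self, username, token):
        user = self.users.get(username)
        return user is not None and token in user["sessions"]


def change_password_unverified(store, username, token, new_password):
    """WEAK: the only gate is a live session.  Whoever holds that session (XSS,
    an unattended console, session fixation, ...) can set a password of their
    choosing and lock the legitimate user out."""
    if not store.session_valid(username, token):
        return False
    user = store.users[username]
    user["salt"], user["hash"] = hash_password(new_password)
    return True


def change_password_verified(store, username, token, current_password, new_password):
    """HARDENED: the caller must prove knowledge of the current password, so a
    hijacked session alone is not enough.  On success every other session of
    the account is revoked so an attacker's foothold does not survive."""
    if not store.session_valid(username, token):
        return False
    user = store.users[username]
    if not verify_password(current_password, user["salt"], user["hash"]):
        return False
    if len(new_password) < MIN_PASSWORD_LENGTH or new_password == current_password:
        return False
    user["salt"], user["hash"] = hash_password(new_password)
    user["sessions"] = {token}
    return True


def demonstrate():
    """Drive both handlers from the position of an attacker holding a hijacked session."""
    store = UserStore()
    store.add_user("operator", "correct horse battery staple")   # constructed sample account
    hijacked = store.login("operator", "correct horse battery staple")

    # Weak endpoint: the hijacked session is enough to take the account over.
    weak_changed = change_password_unverified(store, "operator", hijacked, "attacker-chosen-password")
    weak_locked_out = store.login("operator", "correct horse battery staple") is None

    # Hardened endpoint: same starting position, a guess at the current password fails...
    store.add_user("admin", "original-admin-password")
    hijacked_admin = store.login("admin", "original-admin-password")
    other_session = store.login("admin", "original-admin-password")
    hardened_guess = change_password_verified(store, "admin", hijacked_admin,
                                              "wrong-guess", "attacker-chosen-password")
    # ...while the legitimate user, who knows it, succeeds and kicks out the other session.
    hardened_legit = change_password_verified(store, "admin", hijacked_admin,
                                              "original-admin-password", "new-admin-password-2025")
    return {
        "weak_changed": weak_changed,
        "weak_locked_out": weak_locked_out,
        "hardened_guess": hardened_guess,
        "hardened_legit": hardened_legit,
        "other_revoked": not store.session_valid("admin", other_session),
        "caller_kept": store.session_valid("admin", hijacked_admin),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The hardened handler deliberately keeps the caller's own session and drops the rest: revoking everything would also log out the legitimate user who just proved possession of the password, while keeping the others would leave a session an attacker already holds alive after the change.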

Status: PUBLISHED | Reserved: 2025-04-16 | Published: 2026-03-04 | Updated: 2026-03-04 | Assigner: sba-research

MEDIUM: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Problem types

CWE-20 Improper Input Validation

Product status

Default status: unknown

2.9.11.6: affected

Credits

Jakob Hagl (SBA Research) finder

Marija Radosavljević (SBA Research) finder

Fabian Funder (SBA Research) finder

References

github.com/...-02_Suprema_BioStar_2_Insecure_Password_Change third-party-advisory

www.supremainc.com/...hybrid-security-platform-biostar-2.asp product

cve.org (CVE-2025-41257)

nvd.nist.gov (CVE-2025-41257)
