CVE-2025-4687 | THREATINT

Description

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.

PUBLISHED Reserved 2025-05-14 | Published 2025-05-29 | Updated 2025-05-29 | Assigner tlt_net

HIGH: 7.2CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H

Product status

Default status

unaffected

Any version before 5.7

affected

References

jowin922.medium.com/...n-teletonika-rms-website-972335378829 media-coverage

cve.org (CVE-2025-4687)

nvd.nist.gov (CVE-2025-4687)

Download JSON