{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4527", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-10T05:29:57.658Z", "datePublished": "2025-05-11T02:00:06.268Z", "dateUpdated": "2025-05-12T14:37:50.244Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-11T02:00:06.268Z"}, "title": "D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-602", "lang": "en", "description": "Client-Side Enforcement of Server-Side Security"}]}], "affected": [{"vendor": "D\u00edgitro", "product": "NGC Explorer", "versions": [{"version": "3.44.15", "status": "affected"}], "modules": ["Password Transmission Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D\u00edgitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In D\u00edgitro NGC Explorer 3.44.15 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Komponente Password Transmission Handler. Durch Manipulieren mit unbekannten Daten kann eine client-side enforcement of server-side security-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-05-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-10T07:35:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "j369 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.308272", "name": "VDB-308272 | D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.308272", "name": "VDB-308272 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.565308", "name": "Submit #565308 | D\u00edgitro NGC Explorer 3.44.15 Improper client-side encryption implementation", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-12T14:37:44.613444Z", "id": "CVE-2025-4527", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:37:50.244Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-12T14:37:44.613444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:37:47.427Z"}}], "cna": {"title": "D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security", "credits": [{"lang": "en", "type": "reporter", "value": "j369 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "affected": [{"vendor": "D\u00edgitro", "modules": ["Password Transmission Handler"], "product": "NGC Explorer", "versions": [{"status": "affected", "version": "3.44.15"}]}], "timeline": [{"lang": "en", "time": "2025-05-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-10T07:35:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.308272", "name": "VDB-308272 | D\u00edgitro NGC Explorer Password Transmission client-side enforcement of server-side security", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.308272", "name": "VDB-308272 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.565308", "name": "Submit #565308 | D\u00edgitro NGC Explorer 3.44.15 Improper client-side encryption implementation", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D\u00edgitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In D\u00edgitro NGC Explorer 3.44.15 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Komponente Password Transmission Handler. Durch Manipulieren mit unbekannten Daten kann eine client-side enforcement of server-side security-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-11T02:00:06.268Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4527", "state": "PUBLISHED", "dateUpdated": "2025-05-12T14:37:50.244Z", "dateReserved": "2025-05-10T05:29:57.658Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-11T02:00:06.268Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in D\u00edgitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en D\u00edgitro NGC Explorer 3.44.15, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente \"Password Transmission Handler\". La manipulaci\u00f3n permite la aplicaci\u00f3n de la seguridad del servidor por parte del cliente. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta revelaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-4527", "lastModified": "2025-05-12T17:32:32.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-11T03:15:24.740", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.308272"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.308272"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.565308"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-602"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}