{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6097", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-15T06:56:23.268Z", "datePublished": "2025-06-16T00:00:12.840Z", "dateUpdated": "2025-06-16T16:22:55.742Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T00:00:12.840Z"}, "title": "UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-620", "lang": "en", "description": "Unverified Password Change"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-640", "lang": "en", "description": "Weak Password Recovery"}]}], "affected": [{"vendor": "UTT", "product": "\u8fdb\u53d6 750W", "versions": [{"version": "5.0", "status": "affected"}], "modules": ["Administrator Password Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in UTT \u8fdb\u53d6 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in UTT \u8fdb\u53d6 750W bis 5.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formDefineManagement der Datei /goform/setSysAdm der Komponente Administrator Password Handler. Dank Manipulation des Arguments passwd1 mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T09:01:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "pfwqdxwdd (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312566", "name": "VDB-312566 | UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312566", "name": "VDB-312566 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.589425", "name": "Submit #589425 | UTT \u8fdb\u53d6750w <=V5.0 Unverified Password Change", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md", "tags": ["related"]}, {"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T16:22:40.258870Z", "id": "CVE-2025-6097", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T16:22:55.742Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6097", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T16:22:40.258870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T16:22:52.656Z"}}], "cna": {"title": "UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change", "credits": [{"lang": "en", "type": "reporter", "value": "pfwqdxwdd (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "UTT", "modules": ["Administrator Password Handler"], "product": "\u8fdb\u53d6 750W", "versions": [{"status": "affected", "version": "5.0"}]}], "timeline": [{"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T09:01:30.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312566", "name": "VDB-312566 | UTT \u8fdb\u53d6 750W Administrator Password setSysAdm formDefineManagement unverified password change", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312566", "name": "VDB-312566 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.589425", "name": "Submit #589425 | UTT \u8fdb\u53d6750w <=V5.0 Unverified Password Change", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md", "tags": ["related"]}, {"url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in UTT \u8fdb\u53d6 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in UTT \u8fdb\u53d6 750W bis 5.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formDefineManagement der Datei /goform/setSysAdm der Komponente Administrator Password Handler. Dank Manipulation des Arguments passwd1 mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-620", "description": "Unverified Password Change"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-640", "description": "Weak Password Recovery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T00:00:12.840Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6097", "state": "PUBLISHED", "dateUpdated": "2025-06-16T16:22:55.742Z", "dateReserved": "2025-06-15T06:56:23.268Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-16T00:00:12.840Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in UTT \u8fdb\u53d6 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en UTT ?? 750W hasta la versi\u00f3n 5.0, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n formDefineManagement del archivo /goform/setSysAdm del componente Administrator Password Handler. La manipulaci\u00f3n del argumento passwd1 provoca un cambio de contrase\u00f1a no verificado. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-6097", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-16T00:15:18.773", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.312566"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.312566"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.589425"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-620"}, {"lang": "en", "value": "CWE-640"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}