CVE-2025-1643
Published: 25 February 2025
Description
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Security Summary
CVE-2025-1643 is a cross-site request forgery (CSRF) vulnerability, rated as problematic, in Benner ModernaNet versions up to 1.1.0. The issue affects the processing of the /DadosPessoais/SG_AlterarSenha endpoint, associated with CWE-352 (Cross-Site Request Forgery) and CWE-862 (Missing Authorization). It carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating network accessibility with low complexity but requiring user interaction.
Remote attackers without privileges can exploit this vulnerability by tricking an authenticated user into submitting a forged request to the vulnerable endpoint, so that the user's browser performs an action the user did not intend. Successful exploitation results in a low-impact integrity violation, such as an unauthorized modification of the victim's data, with no confidentiality or availability effects.
Advisories recommend upgrading to Benner ModernaNet version 1.1.1 to address the issue. Relevant references include VulDB entries at https://vuldb.com/?ctiid.296693, https://vuldb.com/?id.296693, and https://vuldb.com/?submit.500574, as well as a CVE tracking repository at https://github.com/yago3008/cves.
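The defensive pattern a password-change endpoint such as the one described above needs is shown below in a self-contained Python handler. This is an added example, not code from Benner ModernaNet or the advisory; the Session class, the change_password function, the form field names and the origins are assumptions. It layers three independent checks (an Origin check, a per-session synchronizer token compared in constant time, and re-authentication with the current password), and it rotates the token after the sensitive action.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; a real application would use a
    # dedicated password-hashing library and its recommended parameters.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Session:
    """Server-side session for a logged-in user (constructed for this example)."""
    username: str
    salt: bytes
    password_hash: bytes
    # Synchronizer token: the server embeds it in its own change-password form.
    # A page on another origin cannot read it, so a forged form cannot include it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def change_password(session: Session, form: dict, origin: Optional[str],
                    site_origin: str) -> Tuple[bool, str]:
    """Hypothetical password-change handler. Returns (success, reason)."""
    # 1. Origin check: browsers attach an Origin header to cross-site POSTs, so a
    #    request submitted from a different site is rejected before any state changes.
    if origin is not None and origin != site_origin:
        return False, "origin mismatch"
    # 2. Synchronizer token bound to the victim's session, compared in constant time.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False, "missing or invalid CSRF token"
    # 3. Re-authentication: even if a token were leaked, the attacker does not know
    #    the victim's current password, so the forced change still fails.
    current = form.get("current_password", "")
    if not hmac.compare_digest(hash_password(current, session.salt), session.password_hash):
        return False, "current password incorrect"
    new_password = form.get("new_password", "")
    if len(new_password) < 12:
        return False, "new password too short"
    session.salt = secrets.token_bytes(16)
    session.password_hash = hash_password(new_password, session.salt)
    # Rotate the token after a sensitive action so an old token has no lasting value.
    session.csrf_token = secrets.token_urlsafe(32)
    return True, "password changed"


def demo() -> Tuple[bool, bool]:
    """Runs one forged and one legitimate request; returns their success flags."""
    salt = secrets.token_bytes(16)
    session = Session("alice", salt, hash_password("correct horse battery", salt))
    # Forged request from an attacker-controlled page: no token, no current password.
    forged_ok, _ = change_password(
        session, {"new_password": "attacker-chosen-pw"},
        "https://evil.example", "https://app.example")
    # Legitimate request from the application's own form.
    legit_ok, _ = change_password(
        session, {"csrf_token": session.csrf_token,
                  "current_password": "correct horse battery",
                  "new_password": "a much longer new password"},
        "https://app.example", "https://app.example")
    return forged_ok, legit_ok


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters for detection as much as for prevention: logging the reason string from the first failing check (origin mismatch versus missing token versus wrong current password) lets a defender distinguish forged cross-site submissions from ordinary user error.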
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability in the public-facing web application's password-change endpoint (SG_AlterarSenha) maps to Exploit Public-Facing Application (T1190), and the forced password change it enables, which can lead to account takeover, maps to Account Manipulation (T1098).