CVE-2025-50433
Published: 26 November 2025
Description
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via a crafted password reset and take over arbitrary user accounts.
Mitigating Controls (NIST 800-53 r5)
IA-5 mandates secure management and resetting of authenticators, directly addressing weak password recovery mechanisms that enable arbitrary account takeovers.
AC-2 establishes processes for account creation, modification, and review, helping to secure password reset workflows and prevent unauthorized privilege escalation.
SI-10 requires validation of information inputs, mitigating crafted requests in the password reset process that lead to account compromise.
Security Summary
CVE-2025-50433, published on 2025-11-26, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the imonnit.com web application, discovered on 2025-04-24. Classified under CWE-640 (weak password recovery mechanism for forgotten passwords), it enables malicious actors to gain escalated privileges through a crafted password reset process, resulting in the takeover of arbitrary user accounts.
The vulnerability is exploitable by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact compromise of confidentiality, integrity, and availability, specifically by seizing control of any targeted user account on the platform.
Advisories providing further details on the issue, including potential mitigations and patches, are referenced at http://imonnitcom.com, http://monnit.com, https://github.com/0xMandor/imonnit-ato-advisory/blob/main/CVE-2025-50433.md, and https://youtu.be/-BqcdwHgMMA. Security practitioners should review these sources for vendor-recommended remediation steps.
Details
- CWE(s): CWE-640 (weak password recovery mechanism for forgotten passwords)
- Affected Products: imonnit.com web application
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A vulnerability in a public-facing web application (imonnit.com) enables exploitation for account takeover via a crafted password reset, facilitating privilege escalation and the compromise and use of valid cloud accounts.