CVE-2025-43863
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-09-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vantage6 | vantage6 | up to 4.11.0 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-43863 is a vulnerability in the vantage6 framework where an attacker who has access to an authenticated session can repeatedly use the change password function to guess the user's password without any limit. The system returns feedback indicating if the password guess is wrong, allowing the attacker to brute-force the password until it is correct. This happens because there is no protection against excessive authentication attempts on the change password route. The issue is fixed in version 4.11. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with an authenticated session to brute-force user passwords by repeatedly attempting to change the password and receiving feedback on each attempt. This could lead to unauthorized access to user accounts if the attacker successfully guesses the password, potentially compromising user data and system integrity. However, the severity is rated as low. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for repeated calls to the change password endpoint from an authenticated session, indicating possible brute-force attempts. Network or application logs should be analyzed for an unusually high number of password change requests from the same user or session. Specific commands depend on your logging and monitoring setup, but for example, using grep on server logs to find repeated POST requests to the change password route could help detect this behavior. [1]
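The detection idea above (count change-password requests per user and flag bursts) worked through as a small log analysis script. This is an added example, not code from the advisory or from the vantage6 project: the route `/api/password/change`, the six-field log format and the sample lines are all constructed assumptions, so adapt the regex and path to what your vantage6 server actually writes. The sliding window reports the peak number of POSTs any one user made within five minutes, which separates a burst of guesses from a user who legitimately changed a password twice in a day.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed change-password route; the advisory does not name it. Adjust for your deployment.
CHANGE_PASSWORD_PATH = "/api/password/change"

# Constructed sample log. Assumed format: "<ISO timestamp> <client ip> <user> <method> <path> <status>".
# "alice" makes a burst of guesses (400 = old password rejected) before one succeeds;
# "bob" changes a password normally after a single typo.
SAMPLE_LOG = """\
2025-06-12T10:00:01 10.0.0.5 alice GET /api/user 200
2025-06-12T10:00:05 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:07 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:09 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:11 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:13 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:15 10.0.0.5 alice POST /api/password/change 400
2025-06-12T10:00:17 10.0.0.5 alice POST /api/password/change 200
2025-06-12T10:30:00 10.0.0.9 bob POST /api/password/change 400
2025-06-12T10:31:00 10.0.0.9 bob POST /api/password/change 200
2025-06-12T11:00:00 10.0.0.9 bob GET /api/task 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec


def change_password_attempts(log_text):
    """Collect the timestamps of POSTs to the change-password route, keyed by user."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == CHANGE_PASSWORD_PATH:
            per_user[rec["user"]].append(rec["ts"])
    return per_user


def max_in_window(timestamps, window):
    """Largest number of events that fall inside any interval of length `window` (two-pointer sweep)."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bursts(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {user: peak_count} for users whose peak request count within `window` reaches `threshold`."""
    suspicious = {}
    for user, stamps in change_password_attempts(log_text).items():
        peak = max_in_window(stamps, window)
        if peak >= threshold:
            suspicious[user] = peak
    return suspicious


if __name__ == "__main__":
    for user, peak in find_bursts(SAMPLE_LOG).items():
        print(f"possible brute force: {user} sent {peak} change-password requests within 5 minutes")
```

On the constructed sample this reports only `alice` (7 requests within 5 minutes); `bob`'s two requests stay below the threshold. The same first pass can be done with the grep approach the answer mentions, piping matching POST lines through `sort | uniq -c` on the user field, but the windowed count above is what turns "many requests over a day" into "many requests in a few seconds".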
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading vantage6 to version 4.11 or later, where the vulnerability is fixed. Since no patches or workarounds are available as of the advisory date, upgrading is the recommended action. Additionally, monitoring and restricting excessive authentication attempts at the network or application level may help reduce risk until the upgrade is applied. [1]
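The application-level restriction mentioned above, shown as a generic CWE-307 guard around a change-password handler. This is an added example and is not the vantage6 fix or any vantage6 code; the `PasswordChangeGuard` class, the limits and the in-memory credential store are assumptions for illustration. The guard counts failed old-password checks per user, locks the route for a cooldown once the limit is hit, and keeps the lock in place even for a correct guess until the cooldown expires, so the feedback the route returns can no longer be harvested one attempt at a time.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Assumed policy values (not from the advisory): tune to your own risk tolerance.
MAX_FAILURES = 5          # failed old-password checks allowed before locking
LOCKOUT_SECONDS = 900     # cooldown applied once the limit is reached
PBKDF2_ROUNDS = 100_000   # kept modest so the example runs quickly


def hash_password(password, salt=None):
    """Return (salt, pbkdf2 digest) for storing a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class AttemptState:
    failures: int = 0
    locked_until: float = 0.0


class PasswordChangeGuard:
    """Throttles old-password verification on a change-password route (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable for testing
        self.state = {}             # user -> AttemptState; use shared storage in a multi-process server

    def change_password(self, user, old_password, new_password, store):
        """Return 'locked', 'rejected' or 'changed'. `store` maps user -> (salt, digest)."""
        now = self.clock()
        st = self.state.setdefault(user, AttemptState())
        if now < st.locked_until:
            return "locked"         # no verification at all while locked, even for a correct guess
        salt, digest = store[user]
        if not verify_password(old_password, salt, digest):
            st.failures += 1
            if st.failures >= MAX_FAILURES:
                st.locked_until = now + LOCKOUT_SECONDS
                st.failures = 0
                return "locked"
            return "rejected"
        st.failures = 0             # success resets the counter
        store[user] = hash_password(new_password)
        return "changed"


if __name__ == "__main__":
    store = {"alice": hash_password("correct horse battery")}
    guard = PasswordChangeGuard()
    for attempt in range(MAX_FAILURES):
        print(guard.change_password("alice", f"guess{attempt}", "irrelevant", store))
    print(guard.change_password("alice", "correct horse battery", "new secret", store))
```

Keyed on the user, the guard limits guessing against one account regardless of how many sessions the attacker holds; a production version would persist `state` outside the process, log each lockout so the detection query above has something to find, and notify the account owner. This is a stop-gap for deployments that cannot upgrade immediately; the advisory's recommended fix remains moving to vantage6 4.11 or later.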