CVE-2025-48461
Publication date: 2025-06-24
Last updated on: 2025-07-09
Assigner: CSA
Description
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute-force guessing and account takeover because the session cookies are predictable, potentially allowing the attacker to gain root, admin or user access and reset passwords.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | wise-4060lan_firmware | * |
| advantech | wise-4060lan | * |
| advantech | wise-4050lan_firmware | * |
| advantech | wise-4050lan | * |
| advantech | wise-4010lan_firmware | * |
| advantech | wise-4010lan | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-341 | A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker to perform brute force guessing attacks because the session cookies are predictable. By exploiting this, the attacker could take over accounts, potentially gaining root, admin, or user access and even reset passwords.
How can this vulnerability impact me?
The impact includes unauthorized access to accounts at various privilege levels (root, admin, user), which can lead to account takeover and password resets. This compromises the security and integrity of the affected system or application.