CVE-2025-46414
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-08
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the affected product does not limit the number of attempts to input the correct PIN for a registered device. An attacker who has a valid device serial number can repeatedly try different PINs without restriction, potentially gaining unauthorized access through brute-force methods. The API also provides clear feedback when the correct PIN is entered, which aids the attacker. This issue was fixed with a server-side update on April 6, 2025.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain unauthorized access to a registered product by brute-forcing the PIN, potentially compromising the security and privacy of the device and its data. This could lead to unauthorized control or data breaches involving the affected device.
What immediate steps should I take to mitigate this vulnerability?
Apply the server-side update released on April 6, 2025, which patches the vulnerability by limiting the number of PIN entry attempts to prevent brute-force attacks.