CVE-2025-58156
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-09-24
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nofusscomputing | centurion_erp | From 1.12.0 (inclusive) to 1.21.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Centurion ERP versions 1.12.0 to before 1.21.0 allows any authenticated user to view the details of every authentication token stored in the database, including the hashed token values; the plaintext (un-hashed) tokens are not exposed. Because the token records are returned without an authorization check restricting them to their owner, an attacker with some level of access can gather information about other users' authentication tokens. The issue has been fixed in version 1.21.0.
How can this vulnerability impact me?
The vulnerability could allow an authenticated user to access hashed authentication tokens, which might increase the risk of token misuse or unauthorized access if the hashes are compromised or cracked. Although the impact is limited since only hashed tokens are exposed and the CVSS base score is low (1.9), it still poses a confidentiality risk to authentication credentials.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Centurion ERP to version 1.21.0 or later where the issue is patched. Additionally, remove all authentication tokens created by affected versions (1.12.0 to before 1.21.0) from the database to prevent unauthorized access. Workarounds such as disabling token authentication are not viable.