CVE-2025-57434
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-10-14
Assigner: MITRE
Description
Description
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creacast | creabox_manager | 4.4.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to gain access to the Creacast Creabox Manager system without knowing the full password, potentially leading to unauthorized control, data exposure, or manipulation of the system.
Can you explain this vulnerability to me?
This vulnerability is a critical authentication flaw in Creacast Creabox Manager where an attacker can bypass the login validation. Specifically, if the username is 'creabox' and the password starts with the string 'creacast', the system grants access regardless of the rest of the password.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70