CVE-2025-59453
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-09-16

Assigner: MITRE

Description
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
Meta Information
Generated: 2026-06-16
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: click_studios
Product: passwordstate
Version / Range: 9.9
CWE
CWE-669: The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
AI Quick Actions
Mitigation Strategies

The immediate mitigation step is to upgrade Passwordstate to version 9.9 Build 9972 or later, as this update addresses the authentication bypass vulnerability in the Emergency Access page. Applying the update additionally strengthens protections against clickjacking attacks and other related security issues. [1]

Executive Summary

CVE-2025-59453 is an authentication bypass vulnerability in Click Studios Passwordstate before version 9.9 Build 9972. It allows an unauthorized person to gain access to the Passwordstate Administration section by using a specially crafted URL on the Emergency Access web page, effectively bypassing normal authentication controls. [1]

Impact Analysis

This vulnerability can allow an attacker to bypass authentication and gain unauthorized administrative access to Passwordstate. This could lead to unauthorized control over password management, potentially exposing sensitive credentials and compromising the security of systems relying on Passwordstate. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for attempts to access the Passwordstate Emergency Access web page using crafted URLs that could bypass authentication. No specific detection commands or signatures are provided in the available resources. However, administrators should review web server logs for unusual or unauthorized access patterns to the Emergency Access page and consider using web application firewall (WAF) rules to detect suspicious URL patterns targeting the Passwordstate Emergency Access functionality. [1]
