CVE-2025-69929
BaseFortify
Publication date: 2026-01-29
Last updated on: 2026-02-27
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n3uron | web_user_interface | 1.21.13-250422.0858 |
| n3uron | web_user_interface | 1.21.6-230825.1720 |
| n3uron | web_user_interface | 1.21.7-240207.1047 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69929 is a critical privilege escalation vulnerability in the N3uron Web User Interface. It allows a low-privileged authenticated user to access sensitive information, including password hashes of all registered users. The vulnerability arises from multiple insecure design flaws: excessive data exposure via WebSocket communications, lack of proper authorization checks on sensitive configuration endpoints, and the use of client-side password hashing with the weak MD5 algorithm applied to a predictable string format ('n3@' + password + '@'). The hashing logic is exposed in client-side JavaScript, making offline password cracking easier. An attacker can collect password hashes of higher-privileged users and perform offline cracking to escalate privileges within the application and potentially move laterally to other systems. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges to obtain password hashes of all users, including high-privileged ones, by exploiting exposed endpoints and weak client-side hashing. The attacker can then perform offline cracking of these hashes to gain higher privileges within the N3uron application. This can lead to unauthorized access to sensitive information, privilege escalation, and lateral movement to other systems by reusing compromised credentials. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring WebSocket communications for excessive data exposure, especially requests to the Config - Roles - Users/Groups endpoint that return password hashes. Additionally, inspecting client-side JavaScript (/app/app.js) for the presence of MD5 hashing applied to the predictable string format "n3@" + password + "@" can indicate vulnerability. Commands to detect this may include using WebSocket inspection tools or intercepting traffic with tools like Wireshark or Burp Suite to analyze WebSocket responses for user enumeration and password hashes. Also, reviewing the client-side JavaScript files for the hashing logic can be done with commands like `grep -i md5 /path/to/app.js` or similar. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Config - Roles - Users/Groups endpoint by implementing proper authorization checks to prevent unauthorized enumeration of users and password hashes. Disable or replace client-side password hashing using MD5 with a more secure server-side hashing mechanism using a strong algorithm and salt. Additionally, monitor and limit WebSocket communications to avoid excessive data exposure. Applying patches or updates from the vendor when available is also recommended. [1]