CVE-2025-69929
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-69929, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-29

Last updated on: 2026-07-05

Assigner: MITRE

Description

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-29
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2026-01-29
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n3uron web_user_interface 1.21.13-250422.0858
n3uron web_user_interface 1.21.6-230825.1720
n3uron web_user_interface 1.21.7-240207.1047

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-69929 is a critical privilege escalation vulnerability in the N3uron Web User Interface. It allows a low-privileged authenticated user to access sensitive information, including password hashes of all registered users. The vulnerability arises from multiple insecure design flaws: excessive data exposure via WebSocket communications, lack of proper authorization checks on sensitive configuration endpoints, and the use of client-side password hashing with the weak MD5 algorithm applied to a predictable string format ('n3@' + password + '@'). The hashing logic is exposed in client-side JavaScript, making offline password cracking easier. An attacker can collect password hashes of higher-privileged users and perform offline cracking to escalate privileges within the application and potentially move laterally to other systems. [1]

Impact Analysis

This vulnerability can allow an attacker with low privileges to obtain password hashes of all users, including high-privileged ones, by exploiting exposed endpoints and weak client-side hashing. The attacker can then perform offline cracking of these hashes to gain higher privileges within the N3uron application. This can lead to unauthorized access to sensitive information, privilege escalation, and lateral movement to other systems by reusing compromised credentials. [1]

Detection Guidance

This vulnerability can be detected by monitoring WebSocket communications for excessive data exposure, especially requests to the Config - Roles - Users/Groups endpoint that return password hashes. Additionally, inspecting client-side JavaScript (/app/app.js) for the presence of MD5 hashing applied to the predictable string format "n3@" + password + "@" can indicate vulnerability. Commands to detect this may include using WebSocket inspection tools or intercepting traffic with tools like Wireshark or Burp Suite to analyze WebSocket responses for user enumeration and password hashes. Also, reviewing the client-side JavaScript files for the hashing logic can be done with commands like `grep -i md5 /path/to/app.js` or similar. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Config - Roles - Users/Groups endpoint by implementing proper authorization checks to prevent unauthorized enumeration of users and password hashes. Disable or replace client-side password hashing using MD5 with a more secure server-side hashing mechanism using a strong algorithm and salt. Additionally, monitor and limit WebSocket communications to avoid excessive data exposure. Applying patches or updates from the vendor when available is also recommended. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69929. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart