How severe is CVE-2023-25131?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-25131?

This is classified as CWE-1393, which is a common weakness in software security.

CVE-2023-25131 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.

Related Vulnerabilities

CVE-2022-4126

CRITICAL

CVSS:9.8(Critical)

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.

CWE-13932022

CVE-2023-28094

CRITICAL

CVSS:9.8(Critical)

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.

CWE-13932023

CVE-2023-32090

CRITICAL

CVSS:9.8(Critical)

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials

CWE-13932023

CVE-2023-45249

CRITICAL

CVSS:9.8(Critical)

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build...

CWE-13932023

CVE-2024-29666

CRITICAL

CVSS:9.8(Critical)

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.

CWE-13932024

CVE-2024-30802

CRITICAL

CVSS:9.8(Critical)

An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.

CWE-13932024