How severe is CVE-2025-4552?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-4552?

This is classified as CWE-620, which is a common weakness in software security.

CVE-2025-4552 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2022-2930

MEDIUM

CVSS:5.3(Medium)

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.

CWE-6202022

CVE-2024-8794

MEDIUM

CVSS:5.3(Medium)

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a us...

CWE-6202024

CVE-2021-34786

MEDIUM

CVSS:4.9(Medium)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CWE-6202021

CVE-2021-22773

MEDIUM

CVSS:6.5(Medium)

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1...

CWE-6202021

CVE-2023-4465

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300...

CWE-6202023

CVE-2024-41796

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. ...

CWE-6202024