CVE-2024-55585
CVE-2024-55585
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
07 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Red
Affected products
MOPS · moPS