← back
CVE-2024-55585

CVE-2024-55585

CVSS 9 CRITICALEPSS 0.4%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Red
Affected products
MOPS · moPS