CVE-2025-30235

CVSS 3.5 LOWEPSS 0.2%CWE-362

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Affected products

SecurEnvoy · SecurAccess

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://reserge.org/probabilistically-breaking-securenvoy-totp/https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf