← back
CVE-2025-57434

CVE-2025-57434

CVSS 8.8 HIGHEPSS 0.5%CWE-287CWE-798
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57434http://www.creacast.com/