← volver
CVE-2025-0417

Valmet DNA Lack of protection against brute force attacks

CVSS 7 HIGHEPSS 0.1%CWE-307
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 abr 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green
Productos afectados
Valmet · Valmet DNA

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0417/