CVE-2025-30235

CVSS 3.5 LOWEPSS 0.2%CWE-362

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 mar 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Productos afectados

SecurEnvoy · SecurAccess

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://reserge.org/probabilistically-breaking-securenvoy-totp/https://securenvoy.com/wp-content/uploads/2025/03/Release-Notes-9.4.515.pdf