CVE-2025-4687
Account pre-hijacking through invite misuse
Vexday Risk Score
21 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 7.2 · EPSS 0.4% · KEV: no · PoC: — · Nuclei: — · Metasploit: — · Patch: —
Lifecycle
29 May 2025: Published in NVD
Recommendation: Monitor. No sign of exploitation at this time.
In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge. The victim's account and their company can then be managed by the attacker. This issue affects RMS: before 5.7.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H
Affected products
Teltonika Networks · RMS