github - ghsa-538j-4932-wc23

ghsa-538j-4932-wc23

Vulnerability from github

Published

2025-10-31 18:31

Modified

2025-10-31 18:31

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-12508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-31T16:15:39Z",
    "severity": "HIGH"
  },
  "details": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.",
  "id": "GHSA-538j-4932-wc23",
  "modified": "2025-10-31T18:31:14Z",
  "published": "2025-10-31T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12508"
    },
    {
      "type": "WEB",
      "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-12508 (GCVE-0-2025-12508)

Vulnerability from cvelistv5

Published

2025-10-31 15:49

Modified

2025-10-31 17:44

Severity ?

8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Summary

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.

References

URL

Tags

https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf

Impacted products

	Vendor	Product	Version
	Bizerba	BRAIN2	Version: 0.0 ≤

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12508",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-31T17:44:19.445267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T17:44:27.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "BRAIN2",
          "vendor": "Bizerba",
          "versions": [
            {
              "lessThan": "3.07",
              "status": "affected",
              "version": "0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "3.07",
                  "versionStartIncluding": "0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
            }
          ],
          "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-31T15:49:54.429Z",
        "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "shortName": "bizerba"
      },
      "references": [
        {
          "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to version 3.07\u003cbr\u003e"
            }
          ],
          "value": "Update to version 3.07"
        }
      ],
      "source": {
        "advisory": "BIZERBA-SA-2025-0006",
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-30T23:00:00.000Z",
          "value": "Release of new version BRAIN2 3.07"
        },
        {
          "lang": "en",
          "time": "2025-10-30T23:00:00.000Z",
          "value": "Publish Security"
        }
      ],
      "title": "Unencrypted communication to Active Directory services",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
            }
          ],
          "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
    "assignerShortName": "bizerba",
    "cveId": "CVE-2025-12508",
    "datePublished": "2025-10-31T15:49:54.429Z",
    "dateReserved": "2025-10-30T14:08:50.565Z",
    "dateUpdated": "2025-10-31T17:44:27.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.