github - ghsa-7qh6-rfpx-934h

ghsa-7qh6-rfpx-934h

Vulnerability from github

Published

2025-06-26 21:31

Modified

2025-06-26 21:31

Severity ?

4.2 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-48462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-24T03:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.",
  "id": "GHSA-7qh6-rfpx-934h",
  "modified": "2025-06-26T21:31:04Z",
  "published": "2025-06-26T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48462"
    },
    {
      "type": "WEB",
      "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-48462 (GCVE-0-2025-48462)

Vulnerability from cvelistv5

Published

2025-06-24 02:08

Modified

2025-06-25 13:25

Severity ?

4.2 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061

Impacted products

	Vendor	Product	Version
	Advantech	Advantech Wireless Sensing and Equipment (WISE)	Version: A2.01 B00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-24T16:42:45.283647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T13:25:06.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Advantech Wireless Sensing and Equipment (WISE)",
          "vendor": "Advantech",
          "versions": [
            {
              "status": "affected",
              "version": "A2.01 B00"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Heuse"
        }
      ],
      "datePublic": "2025-06-24T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
            }
          ],
          "value": "Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-24T02:46:38.973Z",
        "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "shortName": "CSA"
      },
      "references": [
        {
          "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.\n\n\u003cbr\u003e"
            }
          ],
          "value": "This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Login Session Exhaustion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
    "assignerShortName": "CSA",
    "cveId": "CVE-2025-48462",
    "datePublished": "2025-06-24T02:08:58.607Z",
    "dateReserved": "2025-05-22T09:41:25.401Z",
    "dateUpdated": "2025-06-25T13:25:06.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted