SecuriTricks - CVE-2025-3838

Description

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.

Product(s) Impacted

Vendor	Product	Versions
Unknown	Ova Based Connect Component	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	unknown	ova_based_connect_component	/	/	/	/	/	/	/	/

References

https://saviynt.com/trust-compliance-security

CVSS Score

6.1 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: April 21, 2025, 10:15 a.m.
Last Modified: April 21, 2025, 2:23 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

bd8dbf88-98d9-42c6-be08-cf8e48a32093

CVE-2025-3838