216.73.217.172

CVE-2025-4687

· Published 29/05/2025 09:15 · Modified 29/05/2025 14:29

Labels: CVE-2025-4687 001d69cf-3fc9-4203-93fb-9865b54e05b22025-05-29CVE-2025-4687CWE-288

Essential information

Published
29/05/2025 09:15
Modified
29/05/2025 14:29
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
001d69cf-3fc9-4203-93fb-9865b54e05b2
NVD
View on NVD

Affected products (CPE)

ProductCPE
teltonika / remote management system cpe:2.3:a:teltonika:remote_management_system:*:<5.7:*:*:*:*:*:*

References