CVE-2025-4687
Essential information
- Published
- 29/05/2025 09:15
- Modified
- 29/05/2025 14:29
- Author
- —
- Creator
- —
- CVSS
- 7.2 HIGH (v3) 7.2 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- PRESENT
- Privileges required
- LOW
- User interaction
- ACTIVE
- Confidentiality (V)
- LOW
- Confidentiality (S)
- HIGH
- Integrity (V)
- LOW
- Integrity (S)
- HIGH
- Availability (V)
- HIGH
- Availability (S)
- HIGH
- Exploit maturity
- NOT_DEFINED
Description
In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 001d69cf-3fc9-4203-93fb-9865b54e05b2
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| teltonika / remote management system | cpe:2.3:a:teltonika:remote_management_system:*:<5.7:*:*:*:*:*:* |