Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2025/06/14 6:0 p.m.7 views

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

9.8CVSS6.3AI score0.00397EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/06/12 11:0 p.m.5 views

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:GHSA-J6G5-P62X-58HW...

9.8CVSS5.8AI score0.00397EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/12 6:15 p.m.6 views

vantage6-algorithm-store (>=4.10.0 <=4.10.2), vantage6-node (>=0.0.0 <=4.10.2) +1 more potentially affected by CVE-2025-43863 via vantage6 (>=0.0.0 <=4.10.2)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.10.2 Source cves: CVE-2025-43863 Source advisory: OSV:PYSEC-2025-220...

9.8CVSS5.8AI score0.00397EPSS
Exploits0
NVD
NVD
added 2025/06/12 6:15 p.m.16 views

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

9.8CVSS0.00397EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/12 5:29 p.m.6 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

6.3CVSS7AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/12 5:29 p.m.16 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

6.3CVSS0.00397EPSS
Exploits0References1
CVE
CVE
added 2025/06/12 5:29 p.m.55 views

CVE-2025-43863

vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...

9.8CVSS6.4AI score0.00397EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder