CVE-2025-44040
CVE-2025-44040 affects OrangeHRM v5.7. The vulnerability arises from UserService.php and the checkForOldHash function, where authentication decisions may rely on PHP loose-equality comparisons when a specific MD5 value is present in the credential store. This can enable privilege escalation. Sour...