Vulnerability Database

309,469

Total vulnerabilities in the database

CVE-2025-4558

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

Published: May 12, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-4558
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-620

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

No affected software listed.

https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo