Security Advisory

CVE-2025-1107

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-07 13:38:40

Last updated 2025-02-12 20:51:40

Assigner INCIBE

State PUBLISHED

Description

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another users password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

← Browse all CVEs View on cve.org ↗