Unverified Password Change Vulnerability in Janto by Janto
CVE-2025-1107

9.9CRITICAL

Key Information:

Vendor: Impronta
Status: Janto
Vendor: CVE Published:; 7 February 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-1107?

An unverified password change vulnerability exists in Janto versions prior to r12, which could enable an unauthenticated attacker to modify another user's password without knowledge of their current credentials. To successfully exploit this weakness, an attacker needs to generate a specific POST request directed to the '/public/cgi/Gateway.php' endpoint, thereby compromising user accounts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Janto 0

News Articles

TheSecMaster

CVE-2025-1107

Fix Critical Janto CVE-2025-1107 & 1108 Vulnerabilities

Learn how to patch and mitigate critical Janto software vulnerabilities CVE-2025-1107 and CVE-2025-1108. Upgrade to r12 for immediate protection.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 8, 2025
📰
First article discovered by TheSecMaster
Feb 8, 2025
Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 7, 2025

Credit

Guzmán Fernández Ocaña

JSON

Impronta