Unverified Password Change Vulnerability in Janto by Impronta
CVE-2025-1107

9.9 CRITICAL

Key Information:

Vendor: Impronta
Status: Vendor
CVE Published: 7 February 2025

Badges

  • Exploit Exists
  • News Worthy

What is CVE-2025-1107?

Janto versions prior to r12 contain an unverified password change vulnerability (CWE-620): the password-change operation reached through the '/public/cgi/Gateway.php' endpoint does not check that the caller owns the target account or knows its current password. An unauthenticated attacker who sends a specially crafted POST request to that endpoint can set a new password on another user's account and take the account over. Upgrading to r12 or later removes the issue.
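The following is an added illustration of the bug class named above (CWE-620, Unverified Password Change), not Janto's code and not a reproduction of the real request to '/public/cgi/Gateway.php'. The in-memory user store and the form field names 'user', 'current' and 'newpass' are hypothetical. It shows a password-change handler that trusts the request body beside a hardened handler that requires a session, binds the target account to that session, and re-verifies the current password.

```python
# Added example: generic CWE-620 pattern and its hardened counterpart.
# Not Janto's code; field names and the store are invented for illustration.
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

Stored = Tuple[bytes, bytes]  # (salt, PBKDF2 digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> Stored:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_password(password: str, stored: Stored) -> bool:
    """Constant-time comparison against the stored (salt, digest) pair."""
    salt, digest = stored
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """Minimal user table: username -> (salt, digest). Constructed test data."""

    def __init__(self, users: Dict[str, str]) -> None:
        self._rows = {name: hash_password(pw) for name, pw in users.items()}

    def exists(self, user: str) -> bool:
        return user in self._rows

    def check(self, user: str, password: str) -> bool:
        return self.exists(user) and verify_password(password, self._rows[user])

    def set_password(self, user: str, password: str) -> None:
        self._rows[user] = hash_password(password)


def vulnerable_change_password(store: UserStore, form: Dict[str, str]) -> bool:
    """CWE-620 pattern: target account and new password both come from the
    unauthenticated request body, and nothing proves the caller owns the
    account, so any network client can overwrite any user's password."""
    user, new = form.get("user", ""), form.get("newpass", "")
    if not store.exists(user) or not new:
        return False
    store.set_password(user, new)
    return True


def hardened_change_password(store: UserStore, session: Optional[Dict[str, str]],
                             form: Dict[str, str]) -> bool:
    """Same operation with the checks the vulnerable handler lacks."""
    # 1. Require an authenticated session; anonymous callers are refused.
    if not session or not session.get("user"):
        return False
    # 2. Bind the target to the session, never to a request field, so the
    #    caller cannot name someone else's account in the body.
    user = session["user"]
    # 3. Re-verify the current password before accepting a replacement.
    if not store.check(user, form.get("current", "")):
        return False
    # 4. Minimal policy on the new value; reject trivial reuse.
    new = form.get("newpass", "")
    if len(new) < 12 or new == form.get("current"):
        return False
    store.set_password(user, new)
    return True


def demo() -> Dict[str, bool]:
    """Run both handlers against a constructed two-user store."""
    store = UserStore({"alice": "correct horse battery", "bob": "hunter2-hunter2"})
    r: Dict[str, bool] = {}
    # Anonymous request naming another user's account.
    attack = {"user": "alice", "newpass": "attacker-controlled"}
    r["vuln_anon_takeover"] = vulnerable_change_password(store, attack)
    r["vuln_new_pw_works"] = store.check("alice", "attacker-controlled")
    r["hard_anon_rejected"] = hardened_change_password(store, None, attack)
    # Authenticated as bob, trying to retarget alice via the body: the
    # hardened handler ignores form['user'] and checks bob's own password.
    r["hard_cross_user"] = hardened_change_password(
        store, {"user": "bob"},
        {"user": "alice", "current": "wrong", "newpass": "a-long-new-password"})
    r["alice_unchanged"] = store.check("alice", "attacker-controlled")
    # Legitimate change by bob with his current password.
    r["hard_legit"] = hardened_change_password(
        store, {"user": "bob"},
        {"current": "hunter2-hunter2", "newpass": "a-long-new-password"})
    r["bob_new_pw_works"] = store.check("bob", "a-long-new-password")
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to carry over to a real review of a password-change endpoint is step 2: even when a session is required, reading the target account from the request body instead of the session reintroduces the same cross-user takeover.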

Affected Version(s)

Janto, all versions prior to r12 (fixed in r12)

News Articles

Fix Critical Janto CVE-2025-1107 & 1108 Vulnerabilities

Learn how to patch and mitigate critical Janto software vulnerabilities CVE-2025-1107 and CVE-2025-1108. Upgrade to r12 for immediate protection.

CVSS v3.1

Score: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: Low

Timeline

  • Exploit known to exist

  • First article discovered by TheSecMaster

  • Vulnerability published

  • Vulnerability Reserved

Credit

Guzmán Fernández Ocaña