Password Brute-Force Vulnerability in Vantage6 Framework by Vantage6
CVE-2025-43863

1.7LOW

Key Information:

Vendor: Vantage6
Status: Vantage6
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-43863?

The Vantage6 Framework, an open-source platform designed to facilitate privacy-enhancing technologies like Federated Learning and Multi-Party Computation, is susceptible to a password brute-force attack. Attackers with access to an authenticated session can exploit the change password functionality, allowing them to continuously attempt to guess the user's password. The system returns a 'wrong password' message repetitively, enabling infinite attempts until the correct one is found. This issue has been resolved in version 4.11 of the framework.

Affected Version(s)

vantage6 < 4.11.0

References

https://github.com/vantage6/vantage6/security/advisories/...

x_refsource_CONFIRM

CVSS V4

Score:

1.7

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Apr 17, 2025