Missing Password Field Masking in DĂ­gitro NGC Explorer by DĂ­gitro
CVE-2025-4526

5.3MEDIUM

Key Information:

Vendor

DĂ­gitro

Status
Ngc Explorer
Vendor
CVE Published:
11 May 2025

What is CVE-2025-4526?

A serious vulnerability has been identified in the configuration page of DĂ­gitro NGC Explorer version 3.44.15, which allows for a lack of password field masking. This flaw permits remote attackers to view passwords in plaintext, potentially exposing sensitive user data. Despite early notifications to the vendor regarding this issue, there has been no response, leaving users at risk of exploitation.

Affected Version(s)

NGC Explorer 3.44.15

References

https://vuldb.com/?id.308271
vdb-entry
https://vuldb.com/?ctiid.308271
signaturepermissions-required
https://vuldb.com/?submit.565307
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.
CVE-2025-4526 : Missing Password Field Masking in DĂ­gitro NGC Explorer by DĂ­gitro