Client-Side Security Flaw in Dígitro NGC Explorer Password Transmission Handler
CVE-2025-4527

6.3 MEDIUM

Key Information:

Vendor

Dígitro

CVE Published:
11 May 2025

What is CVE-2025-4527?

A critical security vulnerability has been identified in Dígitro NGC Explorer version 3.44.15, affecting its Password Transmission Handler component. The flaw is client-side enforcement of server-side security: a protection that belongs on the server is applied on the client instead. Attackers may exploit this weakness remotely, posing a significant risk to users because it undermines the integrity of password security mechanisms. Although the attack complexity is classified as high and exploitation is difficult, the potential for unauthorized access remains a concern. The vendor was notified early about this issue but did not respond.

Affected Version(s)

NGC Explorer 3.44.15

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

j369 (VulDB User)