Database Manipulation Vulnerability in UNI-NMS-Lite by UNI-Systems
CVE-2025-46274

9.3CRITICAL

Key Information:

Vendor: Planet Technology
Status: Uni-nms-lite
Vendor: CVE Published:; 24 April 2025

🔔 Create Planet Technology Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2025-46274?

The UNI-NMS-Lite application has a significant security flaw due to the use of hard-coded credentials, enabling an unauthorized attacker to access the managed database. This vulnerability can be exploited to read, manipulate, and create entries, posing a serious risk to the integrity and confidentiality of sensitive data. It is imperative for users and administrators to be aware of this vulnerability and implement necessary security measures to protect their systems.

Affected Version(s)

UNI-NMS-Lite 0 <= 1.0b211018

News Articles

Hackread

CVE-2025-46271 CVE-2025-46274

Planet Technology Industrial Switch Flaws Risk Full Takeover - Patch Now

Immersive have discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Hackread
Apr 26, 2025
Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Apr 22, 2025

Credit

Kev Breen of Immersive reported these vulnerabilities to CISA.