Authentication Token Exposure in Centurion ERP by Nofuss Computing
CVE-2025-58156

1.9LOW

Key Information:

Vendor

Nofusscomputing

Status
Centurion Erp
Vendor
CVE Published:
29 August 2025

What is CVE-2025-58156?

Centurion ERP, a product focused on IT service management and automation, has a vulnerability that allows authenticated users to access sensitive authentication token details stored in its database. While the actual tokens remain hashed, this exposure could potentially lead to security risks if not addressed. Users are strongly urged to remove all authentication tokens created in affected versions (1.12.0 through 1.20.9) and upgrade to version 1.21.0, which includes a fix for this issue. Disabling token authentication is not a viable workaround. For the utmost security, webmasters should ensure that these tokens are completely eliminated from the database.

Affected Version(s)

centurion_erp >= 1.12.0, < 1.21.0

References

https://github.com/nofusscomputing/centurion_erp/security...
x_refsource_CONFIRM
https://github.com/nofusscomputing/centurion_erp/pull/974
x_refsource_MISC
https://github.com/nofusscomputing/centurion_erp/commit/3...
x_refsource_MISC

CVSS V3.1

Score:
1.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-58156 : Authentication Token Exposure in Centurion ERP by Nofuss Computing