CVE-2025-4552: ContiNew Admin password unverified password change
First published: Sun May 11 2025(Updated: )
A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The manipulation leads to unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Continew | <=3.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4552?
CVE-2025-4552 is classified as problematic due to the potential for unauthorized password changes.
How do I fix CVE-2025-4552?
To fix CVE-2025-4552, update your ContiNew Admin software to a version greater than 3.6.0.
What are the consequences of CVE-2025-4552?
The consequences of CVE-2025-4552 include the risk of unauthorized access to user accounts through unverified password changes.
Who is affected by CVE-2025-4552?
CVE-2025-4552 affects users of ContiNew Admin versions up to and including 3.6.0.
Is there any evidence of exploitation for CVE-2025-4552?
As of now, there is no public evidence of exploitation for CVE-2025-4552, but the vulnerability poses significant risks.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/continew
- canonical/continew