CVE-2025-26485

Published Mar 19, 2025

Last updated 3 months ago

CVSS medium 5.8

Overview

Description
The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80 Life 1st Identity Manager allows User Enumeration using Authentication Rest APIs. Affected: Life 1st version 1.5.2.14234. Different error messages are returned to failed authentication attempts in case of the usage of a wrong password or a non existent user. This issue affects Life 1st: 1.5.2.14234.
Source
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.8
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CWE-200

Social media

Hype score
Not currently trending

  1. CVE-2025-26485 The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80 Life 1st Identity Manager allows User Enumeration using Authenticatio… https://t.co/rm8Qkbpjb0

    @CVEnew

    19 Mar 2025

    288 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.