CVE-2025-26788

Published Feb 14, 2025

Last updated a year ago

CVSS high 8.4
StrongKey FIDO Server

Overview

Description
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.4
Impact score
6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-639

Social media

Hype score
Not currently trending

  1. “Passkey認証におけるアカウント乗っ取り - Non Discoverable Credentialフローとの混在に起因する脆弱性(CVE-2025-26788)解説 - GMO Flatt Security Blog” https://t.co/qVdYR2KPAA

    @gorigorimoro

    21 Sept 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Passkey認証におけるアカウント乗っ取り - Non Discoverable Credentialフローとの混在に起因する脆弱性(CVE-2025-26788)解説(2025-08-05) #パスキー https://t.co/2tZjWIP4ni

    @_nat

    11 Aug 2025

    353 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Passkey認証におけるアカウント乗っ取り - Non Discoverable Credentialフローとの混在に起因する脆弱性(CVE-2025-26788)解説 https://t.co/0lRDbTfVLN 「攻撃者が用意した認証器で生成されたアサーションを使用し、被害者のアカ

    @akibablog

    5 Aug 2025

    3485 Impressions

    2 Retweets

    1 Like

    3 Bookmarks

    0 Replies

    0 Quotes

  4. Passkey認証におけるアカウント乗っ取り - Non Discoverable Credentialフローとの混在に起因する脆弱性(CVE-2025-26788)解説 - GMO Flatt Security Blog https://t.co/6SAHzyqvmn

    @yousukezan

    5 Aug 2025

    5601 Impressions

    18 Retweets

    60 Likes

    43 Bookmarks

    0 Replies

    0 Quotes

  5. セキュリティエンジニア小武のブログを公開しました! Passkey(Discoverable Credential)と、Non Discoverable Credentialsの認証フローが混在していたことが原因でアカウントの乗っ取りが可能だった脆弱性 CVE-2025-26788 を詳

    @flatt_security

    5 Aug 2025

    4162 Impressions

    14 Retweets

    37 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨 CVE-2025-26788 🔴 HIGH (8.4) 🏢 StrongKey - FIDO Server 🏗️ 0 🔗 https://t.co/hyEBe9LY5x #CyberCron #VulnAlert https://t.co/jwzYzHByBT

    @cybercronai

    16 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [CVE-2025-26788: HIGH] StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.#cybersecurity,#vulnerability https://t.co/GPuMGnP1Zs https://t.co/EIkhY6T8Jb

    @CveFindCom

    14 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.