CVE-2025-3091

Published Jun 24, 2025

Last updated 22 days ago

CVSS high 7.5

Overview

Description
An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
Source
info@cert.vde.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
5.9
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

info@cert.vde.com
CWE-639

Social media

Hype score
Not currently trending

  1. CVE-2025-3091 An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password. https://t.co/PvPiUULdS7

    @CVEnew

    24 Jun 2025

    503 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.