CVE-2025-48952

Published Jul 4, 2025

Last updated 6 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48952 is a vulnerability found in NetAlertX, a network and presence scanner, in versions prior to 25.6.7. The vulnerability lies in the authentication logic, where a loose comparison in PHP allows users to bypass password verification using SHA-256 magic hashes. Specifically, the application uses the `==` operator instead of the strict `===` for password comparison, which can lead to specially crafted "magic hash" values evaluating to true and bypassing authentication. This could allow unauthorized access to services relying on this authentication logic. Version 25.6.7 addresses and fixes this vulnerability.

Description
NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in `front/index.php`. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with `0e` and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
Source
security-advisories@github.com
NVD status
Awaiting Analysis
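
The comparison behaviour in the Description above, as an added example that is not NetAlertX code: it puts the loose check beside a strict one and adds an audit helper that flags stored digests of the `0e`-plus-digits form. The function names, user names and digest strings are constructed for illustration; the digests are not real SHA-256 outputs.

```php
<?php
declare(strict_types=1);

// Constructed 64-character strings shaped like hex digests.
// They are NOT real SHA-256 outputs of any password.
$stored    = '0e' . str_repeat('1', 62); // hypothetical stored hash
$submitted = '0e' . str_repeat('7', 62); // hypothetical hash of another password

// Vulnerable pattern: when both operands are numeric strings, PHP's ==
// converts them to numbers, and 0e<digits> is 0 in scientific notation.
function loose_check(string $stored, string $submitted): bool
{
    return $submitted == $stored;
}

// Hardened pattern: === compares the strings byte for byte, no conversion.
// hash_equals() does the same in constant time.
function strict_check(string $stored, string $submitted): bool
{
    return $submitted === $stored;
}

// Audit helper (hypothetical): flags a stored digest that a loose
// comparison would treat as numeric zero.
function is_magic_form(string $digest): bool
{
    return preg_match('/^0e\d+$/', $digest) === 1;
}

var_dump(loose_check($stored, $submitted));  // different strings, loose
var_dump(strict_check($stored, $submitted)); // different strings, strict
var_dump(strict_check($stored, $stored));    // identical strings, strict

// Constructed sample of stored digests to audit.
$digests = [
    'alice' => $stored,
    'bob'   => 'a3' . str_repeat('4', 62),
    'carol' => '0e' . str_repeat('9', 61) . 'f', // contains a letter: not numeric
];
foreach ($digests as $user => $digest) {
    printf("%-6s %s\n", $user, is_magic_form($digest) ? 'at risk' : 'ok');
}
```
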

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.4
Impact score
5.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-697

Social media

Hype score
Not currently trending
  1. 🚨Alert🚨 CVE-2025-48952:Password Bypass Vulnerability due to Loose Comparison in PHP 🔥PoC : https://t.co/7N4B5dbOIy 📊109 Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/BOWxvNBjGe 👇Query HUNTER : https://t.co/q9rtuGgxk7="NetAle

    @HunterMapping

    9 Jul 2025

    3320 Impressions

    10 Retweets

    47 Likes

    34 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨CVE-2025-48952: NetAlertX Password Bypass Vulnerability due to Loose Comparison in PHP PoC and Advisory: https://t.co/fbx8gMaE0C Details: https://t.co/i5r83bwYzx CVSS: 9.4 https://t.co/dLYfntkUFD

    @DarkWebInformer

    7 Jul 2025

    6060 Impressions

    5 Retweets

    32 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-48952 points to serious risks in password validation. A loose comparison in PHP can let unauthorized parties bypass authentication. Important to update to version 25.6.7! #säkerhet #cybersäkerhet #CVE

    @Sakerhetsblogg

    5 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-48952 Authentication Bypass in NetAlertX via PHP Loose Comparison Vulne... https://t.co/6rD8e9jYei Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    5 Jul 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-48952 NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password ve… https://t.co/rOZaBG20bp

    @CVEnew

    4 Jul 2025

    745 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  6. [CVE-2025-48952: CRITICAL] NetAlertX before version 25.6.7 had a vulnerability allowing users to bypass password verification using SHA-256 magic hashes due to loose comparison in PHP. Upgrade to fix the issue.#cve,CVE-2025-48952,#cybersecurity https://t.co/PSGCL5VYRY https://t.c

    @CveFindCom

    4 Jul 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes