CVE-2025-53704

Published Dec 4, 2025

Last updated 2 months ago

CVSS high 8.7
Sonicwall

Overview

Description
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
Source
ics-cert@hq.dhs.gov
NVD status
Deferred

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

ics-cert@hq.dhs.gov
CWE-640

Social media

Hype score
Not currently trending

Related CVEs

  1. A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.CVE-2026-0204
  2. A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.CVE-2026-0205
  3. A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.CVE-2026-0206
  4. A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.CVE-2026-3439
  5. A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.CVE-2026-0400

References

Sources include official advisories and independent security research.