CVE-2025-58443

Published Sep 6, 2025

Last updated 6 months ago

CVSS critical 9.9

Overview

Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.
Source
security-advisories@github.com
NVD status
Analyzed
Products
fogproject

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-287

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-58443 - critical 🚨 FOGProject <= 1.5.10.1673 - Authentication Bypass > FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability th... 👾 https://t.co/0F19AXh8SL @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    5 Nov 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-58443 Unauthenticated Database Dump Vulnerability in FOG Project Versions 1.5.10.1673 and Below https://t.co/otgNJaG6oV

    @VulmonFeeds

    6 Sept 2025

    117 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-58443 FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It … https://t.co/zAOjh7svOY

    @CVEnew

    6 Sept 2025

    630 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47.CVE-2024-42349
  2. FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.CVE-2024-42348
  3. FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.CVE-2024-41954
  4. FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41.CVE-2024-41108
  5. FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.CVE-2024-40645

References

Sources include official advisories and independent security research.