HIGH🇬🇧 English

CVE-2025-54305

CVSS 7.8v3.1pub. 2025-12-04upd. 2025-12-16

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Thermofisher Torrent Suite Software

    APP
    Thermofisher
    5.18.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-54303CRITICAL9.8PL ✓ten sam produkt

Domyślne słabe poświadczenia w Thermo Fisher Torrent Suite Software

CVE-2025-54306HIGH7.2ten sam produkt

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution ...

CVE-2025-54307HIGH8.8ten sam produkt

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/p...

CVE-2025-53963CRITICAL9.8PL ✓ten sam vendor

Słabe domyślne hasło root w urządzeniu Thermo Fisher Ion Torrent OneTouch 2

CVE-2025-54304CRITICAL9.8PL ✓ten sam vendor

Niezabezpieczony serwer X11 w Thermo Fisher Ion Torrent OneTouch 2 umożliwia RCE z uprawnieniami root