CRITICAL🇵🇱 Wersja polska

CVE-2025-56447

CVSS 9.8v3.1pub. 2025-10-22upd. 2026-07-05

TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.

🤖 AI Analysis
How it works

The vulnerability combines two issues: a flaw in the authentication mechanism (CWE-287) that allows an attacker to gain system access without providing correct login credentials, and the transmission of authentication data in unencrypted form (CWE-319). An attacker can intercept or bypass the identity verification process and then — due to the lack of encryption — gain access to login data of other users being transmitted over the network. The entire attack is possible remotely, without victim interaction and without requiring any permissions in the system.

Impact

An attacker can gain full, unauthorized access to the TM2 monitoring system, take control of its data and configuration, and obtain user authentication credentials (confidentiality, integrity, and availability of the system are fully compromised).

Mitigation & patch

Apply patches available from the vendor according to the references. It is temporarily recommended to restrict network access to the TM2 Monitoring system using a firewall or VPN and to monitor network traffic for unauthorized access attempts. Avoid transmitting authentication credentials over untrusted networks until the patch is applied.

Who is affected

TM2 Monitoring version 3.04

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References