CRITICAL🇵🇱 Wersja polska

CVE-2025-69929

CVSS 9.8v3.1pub. 2026-01-29upd. 2026-07-05

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format

🤖 AI Analysis
How it works

The application computes the user password hash on the client side using the MD5 algorithm (classified as cryptographically weak – CWE-327). The hash is created based on a predictable string format, which allows an attacker to reproduce or craft a correct hash without knowledge of the original password. This enables a remote attacker to impersonate a privileged user and obtain a higher level of access in the application.

Impact

An attacker can remotely escalate their privileges in the N3Uron web interface, potentially gaining full control over the application and industrial resources managed by it (confidentiality, integrity, and availability are fully compromised according to the CVSS vector).

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://n3uron.com/addressing-cve-2025-69929-in-n3uron-web-user-interface/). The manufacturer has published a dedicated article describing how to eliminate the vulnerability.

Who is affected

N3Uron Web User Interface version 1.21.7-240207.1047

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • N3uron Web User Interface

    APP
    N3Uron
    1.21.13-250422.08581.21.6-230825.17201.21.7-240207.1047
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References