CVE-2025-4552 · HIGH 8.1 · EPSS percentile 34.4%

CVE-2025-4552

Description

A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. The affected functionality is the password-reset endpoint at /dev-api/system/user/1/password. According to the referenced writeup, an authenticated account that has been granted only the password-reset permission can use this endpoint to reset the super administrator's password (user id 1): the endpoint checks that the caller holds the permission but not whether the caller is entitled to change that particular target account (unverified password change, CWE-620). The attack can be launched remotely by an authenticated low-privileged user (CVSS PR:L) and results in full takeover of the super administrator account. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way; no fixed version is listed.
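The following is an added illustration, not ContiNew Admin's code: it models the weakness class described above (a permission-only check on a password-reset endpoint) beside a hardened check that also validates the target account and, for self-service changes, the current password. The super-administrator id (1), the permission string "system:user:resetPwd", the user records and the password values are all constructed for the example; SHA-256 stands in for a real password hash.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Assumptions for this illustration (not ContiNew Admin's identifiers):
SUPER_ADMIN_ID = 1                       # user 1 is the super administrator, per the referenced writeup
RESET_PWD_PERM = "system:user:resetPwd"  # hypothetical permission string


def hash_pw(pw: str) -> str:
    # Plain SHA-256 keeps the example dependency-free; a real service uses bcrypt/argon2.
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class User:
    id: int
    perms: Set[str] = field(default_factory=set)
    password_hash: str = ""

    @property
    def is_super_admin(self) -> bool:
        return self.id == SUPER_ADMIN_ID


def reset_password_weak(actor: User, target: User, new_pw: str) -> Tuple[bool, str]:
    """The weak pattern: a permission check only.
    Whoever holds the reset permission may overwrite any account's password,
    the super administrator's included, with no check on the target."""
    if RESET_PWD_PERM not in actor.perms:
        return False, "missing permission"
    target.password_hash = hash_pw(new_pw)
    return True, "reset"


def reset_password_hardened(actor: User, target: User, new_pw: str,
                            current_pw: Optional[str] = None) -> Tuple[bool, str]:
    """Permission check plus target checks.
    1. A self-service change must prove the current password (the CWE-620 fix).
    2. An administrative reset may never touch the super administrator account.
    3. An administrative reset may not touch an account holding any permission
       the actor lacks, so the endpoint cannot be used to climb the privilege tree."""
    if actor.id == target.id:
        if current_pw is None or not hmac.compare_digest(hash_pw(current_pw), target.password_hash):
            return False, "current password required"
        target.password_hash = hash_pw(new_pw)
        return True, "self-change"
    if RESET_PWD_PERM not in actor.perms and not actor.is_super_admin:
        return False, "missing permission"
    if target.is_super_admin:
        return False, "super administrator cannot be reset by another account"
    if not actor.is_super_admin and not target.perms <= actor.perms:
        return False, "target holds permissions the actor lacks"
    target.password_hash = hash_pw(new_pw)
    return True, "reset"


def demo() -> dict:
    # Constructed scenario: a super admin, a helpdesk account with only the reset
    # permission (the situation in the writeup), and an ordinary staff account.
    admin = User(1, {RESET_PWD_PERM, "system:role:update"}, hash_pw("admin-pw"))
    helpdesk = User(7, {RESET_PWD_PERM}, hash_pw("help-pw"))
    staff = User(9, set(), hash_pw("staff-pw"))
    return {
        "weak_helpdesk_resets_admin": reset_password_weak(helpdesk, admin, "pwned")[0],
        "hard_helpdesk_resets_admin": reset_password_hardened(helpdesk, admin, "pwned")[0],
        "hard_helpdesk_resets_staff": reset_password_hardened(helpdesk, staff, "new")[0],
        "hard_admin_resets_helpdesk": reset_password_hardened(admin, helpdesk, "new")[0],
        "hard_self_wrong_current": reset_password_hardened(staff, staff, "x", "bad")[0],
        "hard_self_right_current": reset_password_hardened(staff, staff, "x", "new")[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The weak variant lets the helpdesk account overwrite user 1's password; the hardened variant denies it while still allowing the helpdesk account to reset a lower-privileged user and the super administrator to reset anyone else. Rule 3 is the general form of the fix: a reset endpoint must compare the target's privileges against the caller's, not just check that the caller holds a reset permission.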

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.4% · 2026-06-19T12:03:05Z
Published: 2025-05-12
Last modified: 2025-11-10

Underlying weaknesses · 2

CWE-620, CWE-640

References

  1. https://github.com/uglory-gll/javasec/blob/main/continew-admin.md#21dev-apisystemuser1password-only-assigning-password-reset-permission-can-reset-the-super-administrator-password
  2. https://vuldb.com/?ctiid.308299
  3. https://vuldb.com/?id.308299
  4. https://vuldb.com/?submit.567572

Type      Target                                                             Confidence  Tier
Weakness  Unverified Password Change (CWE-620)                               0%          live
Weakness  Weak Password Recovery Mechanism for Forgotten Password (CWE-640)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  CVE: CVE-2026-23595
  CVE: CVE-2025-6097
  CVE: CVE-2025-5512
  CVE: CVE-2025-51543
  CVE: CVE-2025-10389
  CVE: CVE-2025-13565
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.