CVE-2025-4558 · CRITICAL 9.8 · EPSS p35.5%

Description

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.45% probability of exploitation · percentile 35.5% · 2026-06-19T12:03:05Z
Published: 2025-05-12
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-620

References

  1. https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

Type: Weakness
Target: Unverified Password Change (cwe-620)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-24789
  2. CVE-2025-46275
  3. CVE-2025-27595
  4. CVE-2026-35075
  5. CVE-2025-1393
  6. CVE-2025-40805

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.