CVE-2025-57434HIGH 8.8EPSS p36.3%

CVE-2025-57434CVE-2025-57434

Description

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.3% · 2026-06-19T12:03:05Z
Published2025-09-22
Last modified2025-10-14

Underlying weaknesses· 2

CWE-287CWE-798

References

  1. http://www.creacast.com/
  2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57434

2

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-57439
CVE
CVE-2026-24346
CVE
CVE-2025-1393
CVE
CVE-2025-52692
CVE
CVE-2025-28230
CVE
CVE-2026-23595
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.