CRITICAL🇵🇱 Wersja polska

CVE-2025-1107

CVSS 9.9v3.1pub. 2025-02-07upd. 2026-04-15

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

🤖 AI Analysis
How it works

The vulnerability results from the lack of user identity verification during the password change procedure (CWE-620 — Unverified Password Change). An attacker can construct a properly crafted HTTP POST request and send it directly to the '/public/cgi/Gateway.php' endpoint. The server accepts this request without checking whether the sender knows the current account password or is authorized to perform this operation, resulting in successful password change for the selected user.

Impact

An unauthorized attacker can gain full control over any user account in the Janto system by changing its password, leading to unauthorized access to application data and functions. In the case of administrative accounts, the consequences may include complete system takeover.

Mitigation & patch

Janto software should be updated immediately to version r12 or newer. As an additional remedial measure until the update is deployed, network access to the '/public/cgi/Gateway.php' endpoint can be restricted at the firewall or web server level to only trusted sources. Details are available in the manufacturer's references and the INCIBE-CERT statement.

Who is affected

Janto software in versions prior to r12.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References