CRITICAL🇵🇱 Wersja polska

CVE-2025-25595

CVSS 9.8v3.1pub. 2025-03-18upd. 2025-04-01

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.

🤖 AI Analysis
How it works

The login page of the Safe App application does not impose a limit on the number of failed authentication attempts (no rate limiting). An attacker can automatically send an unlimited number of login requests with different password combinations until successfully guessing the correct credentials. The attack is possible remotely, without authentication, and without user interaction, which classifies it as very easy to conduct.

Impact

An attacker who successfully conducts a brute force attack can gain unauthorized access to user accounts of the application, leading to violations of confidentiality, integrity, and availability of data stored in the application.

Mitigation & patch

Patches available from the vendor should be applied according to references. Additionally, it is recommended to implement mechanisms for limiting the number of login attempts (rate limiting), account lockout after a specified number of failed attempts, and CAPTCHA on the login page.

Who is affected

Safe App (IITB) version a3.0.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Iitb Safe

    APP
    Iitb
    a3.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References