CRITICAL🇵🇱 Wersja polska

CVE-2025-48748

CVSS 10.0v3.1pub. 2025-05-29upd. 2025-06-23

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

🤖 AI Analysis
How it works

Netwrix Directory Manager software contains a fixed, immutable password embedded directly in the application code. An attacker who learns or reproduces this password (e.g., through binary analysis or public disclosure) can use it to authenticate to the system. Because the password is identical in all installations and cannot be changed by an administrator, every instance of the product is vulnerable in the same way. The attack vector is network-based, with no requirement for any privileges or user interaction.

Impact

An attacker can gain full, unauthorized access to the directory management system, which may lead to disclosure of sensitive data, modification of configuration, and complete takeover of the identity and group management environment in the organization.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Detailed information is available in the official Netwrix security notice at: https://community.netwrix.com/t/adv-2025-013-hard-coded-password-in-netwrix-directory-manager-formerly-imanami-groupid-v10-and-earlier/13945

Who is affected

Netwrix Directory Manager (formerly Imanami GroupID) in version up to and including 10.0.7784.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Netwrix Directory Manager

    APP
    Netwrix
    ≤ 10.0.7784.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-48749CRITICAL9.1PL ✓ten sam produkt

Netwrix Directory Manager — ujawnienie wrażliwych danych w wysyłanych żądaniach

CVE-2025-54397MEDIUM4.3ten sam produkt

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Informati...

CVE-2025-54394MEDIUM5.3ten sam produkt

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protecte...

CVE-2025-54395MEDIUM6.1ten sam produkt

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authenticati...

CVE-2025-54396MEDIUM5.4ten sam produkt

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authe...