CRITICAL🇵🇱 Wersja polska

CVE-2025-51536

CVSS 9.8v3.1pub. 2025-08-04upd. 2025-09-23

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

🤖 AI Analysis
How it works

The vulnerability consists of a hardcoded password for the administrator account in the OpenAtlas application, which is a classic example of CWE-798 (Use of Hard-coded Credentials) and CWE-1392 (Use of Default Credentials). An attacker who discovers or guesses this password (e.g., through source code or documentation analysis) can log into the administrator account without any additional authentication barriers. The attack vector is network-based and does not require prior authentication or user interaction.

Impact

An attacker gains full access to the application's administrator account, resulting in a breach of confidentiality, integrity, and availability of data — including the possibility of theft, modification, or deletion of archaeological data stored in the system.

Mitigation & patch

Apply patches available from the manufacturer according to the references. As an immediate remedial action, change the administrator account password to a unique and strong password and restrict access to the administration panel exclusively to trusted IP addresses.

Who is affected

OpenAtlas v8.11.0 (Austrian Archaeological Institute)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Craws Openatlas

    APP
    Craws
    < 8.12.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-51535CRITICAL9.1PL ✓ten sam produkt

SQL Injection w OpenAtlas v8.11.0 (Austrian Archaeological Institute)

CVE-2025-60915HIGH8.1ten sam produkt

An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8...

CVE-2025-51534HIGH8.1ten sam produkt

A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows ...

CVE-2025-60914MEDIUM4.6ten sam produkt

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to acc...

CVE-2025-56423MEDIUM5.3ten sam produkt

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a re...