cvedb.io
CVE-2026-25654
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-04-14T09:16:35.150 · Last modified 2026-06-17T10:25:01.283

Summary

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.