CVE-2025-0417 HIGH

CVE-2025-0417: Valmet DNA Lack of protection against brute force attacks

Vendor Valmet
Product Valmet DNA
Weakness CWE-307 · Brute force
Published April 1, 2025
Last update April 1, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

What the vulnerability does

01Description

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

Key dates

02Disclosure timeline

April 1, 2025 CVE published
April 1, 2025 Record updated