CVE-2025-30235 LOW

CVE-2025-30235

Vendor Securenvoy
Product SecurAccess
Weakness CWE-362
Published March 19, 2025
Last update March 19, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.

Key dates

02Disclosure timeline

March 19, 2025 CVE published
March 19, 2025 Record updated