CVE-2025-34155 MEDIUM

CVE-2025-34155: Tibbo AggreGate Network Manager < 6.40.05 Login Functionality User Enumeration

Vendor Tibbo Systems
Product AggreGate Network Manager
Weakness CWE-204
Published October 23, 2025
Last update May 14, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can facilitate user enumeration and increase the likelihood of targeted brute-force or credential-stuffing attacks.

Key dates

02Disclosure timeline

October 23, 2025 CVE published
May 14, 2026 Record updated