CVE-2025-4558 CRITICAL

CVE-2025-4558: WormHole Tech GPM - Unverified Password Change

Vendor: Wormhole Tech
Product: GPM
Weakness: CWE-620 · Unverified password change
Published: May 12, 2025
Last update: May 12, 2025

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

Key dates

02 Disclosure timeline

May 12, 2025: CVE published
May 12, 2025: Record updated