CVE-2025-4687 HIGH

CVE-2025-4687: Account pre-hijacking through invite misuse

Vendor Teltonika Networks
Product RMS
Published May 29, 2025
Last update May 29, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge. The victim's account and their company can then be managed by the attacker. This issue affects RMS: before 5.7.

Key dates

02 Disclosure timeline

May 29, 2025 CVE published
May 29, 2025 Record updated