CVE-2025-48027 MEDIUM

CVE-2025-48027

Vendor Mutonufoai
Product pGina.Fork
Weakness CWE-290
Published May 15, 2025
Last update May 15, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.

Key dates

02Disclosure timeline

May 15, 2025 CVE published
May 15, 2025 Record updated