CVE-2025-42959
HIGHDescription
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-42959? +
How severe is CVE-2025-42959? +
How do I check if I'm vulnerable to CVE-2025-42959? +
Related Vulnerabilities
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 …
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled …
This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access …
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST …
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with …
LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM …