- Description
- Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 8.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- cve@mitre.org
- CWE-201
- Hype score
- Not currently trending
CVE-2025-24858
@fopij4150829440
29 Jan 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability (CVE-2025-24858, CVSS 8.3) in Develocity (Gradle Enterprise) < 2024.3.1 allows network attackers to obtain the hashed system user password. Update immediately if externally accessible.
@BursaMatus
26 Jan 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-24858 | Develocity prior 2024.1.9/2024.2.7/2024.3.1 User Password insertion of sensitive information into sent data) has been published on https://t.co/KxFjT4NYKj
@WolfgangSesin
26 Jan 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24858: HIGH] Urgent: Develocity (formerly Gradle Enterprise) vulnerability exposes hashed passwords if attacker has network access pre-2024.3.1. Severity depends on server accessibility.#cybersecurity,#vulnerability https://t.co/fNlSFaECt2 https://t.co/EBtvKejzZQ
@CveFindCom
26 Jan 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24858 Unauthorized Network Access Reveals Hashed Password in Develocity Servers https://t.co/kfiodjhsyd
@VulmonFeeds
26 Jan 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24858 Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system u… https://t.co/TyV4886KFq
@CVEnew
26 Jan 2025
783 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes