CVE-2025-30235

Published Mar 19, 2025

Last updated 17 days ago

CVSS low 3.5

Overview

Description
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.
Source
cve@mitre.org
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.5
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Severity
LOW

Weaknesses

cve@mitre.org
CWE-362

Social media

Hype score
Not currently trending

  1. CVE-2025-30235 Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows h… https://t.co/T9l8zRiXJl

    @CVEnew

    19 Mar 2025

    424 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References