CVE-2025-14751

A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Un usuario de bajo privilegio puede omitir las credenciales de la cuenta sin confirmar el estado de autenticación actual del usuario, lo que puede llevar a una escalada de privilegios no autorizada.

22 Jan 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-22 22:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-14751

Mitre link : CVE-2025-14751

CVE.ORG link : CVE-2025-14751

JSON object : View

Products Affected

No product.

CWE

CWE-620

Unverified Password Change

{"id": "CVE-2025-14751", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-22T22:16:14.963", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-620"}]}], "descriptions": [{"lang": "en", "value": "A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation."}, {"lang": "es", "value": "Un usuario de bajo privilegio puede omitir las credenciales de la cuenta sin confirmar el estado de autenticaci\u00f3n actual del usuario, lo que puede llevar a una escalada de privilegios no autorizada."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "ics-cert@hq.dhs.gov"}

CVE-2025-14751

JSON object

Attach tags to CVE-2025-14751

Attach tags to `CVE-2025-14751`