CVE-2025-36758

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.

CVSS

No CVSS.

References

Link	Resource
https://csirt.divd.nl/CVE-2025-36758
https://csirt.divd.nl/DIVD-2025-00015

Configurations

No configuration.

History

10 Sep 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-10 09:15

Updated : 2025-09-11 17:14

NVD link : CVE-2025-36758

Mitre link : CVE-2025-36758

CVE.ORG link : CVE-2025-36758

JSON object : View

Products Affected

No product.

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2025-36758", "cveTags": [{"tags": ["exclusively-hosted-service"], "sourceIdentifier": "csirt@divd.nl"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "csirt@divd.nl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-09-10T09:15:32.297", "references": [{"url": "https://csirt.divd.nl/CVE-2025-36758", "source": "csirt@divd.nl"}, {"url": "https://csirt.divd.nl/DIVD-2025-00015", "source": "csirt@divd.nl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "csirt@divd.nl", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle."}], "lastModified": "2025-09-11T17:14:10.147", "sourceIdentifier": "csirt@divd.nl"}

CVE-2025-36758

JSON object

Attach tags to CVE-2025-36758

Attach tags to `CVE-2025-36758`