CVE-2025-40653

User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/user-enumeration-m3m-printer-server-web

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de enumeración de usuarios en M3M Printer Server Web. Este problema ocurre durante la autenticación de usuarios, donde una diferencia en los mensajes de error podría permitir a un atacante determinar si un nombre de usuario es válido o no, lo que permite un ataque de fuerza bruta contra nombres de usuario válidos.

26 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-26 13:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-40653

Mitre link : CVE-2025-40653

CVE.ORG link : CVE-2025-40653

JSON object : View

Products Affected

No product.

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2025-40653", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-26T13:15:19.837", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/user-enumeration-m3m-printer-server-web", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames."}, {"lang": "es", "value": "Vulnerabilidad de enumeraci\u00f3n de usuarios en M3M Printer Server Web. Este problema ocurre durante la autenticaci\u00f3n de usuarios, donde una diferencia en los mensajes de error podr\u00eda permitir a un atacante determinar si un nombre de usuario es v\u00e1lido o no, lo que permite un ataque de fuerza bruta contra nombres de usuario v\u00e1lidos."}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "cve-coordination@incibe.es"}