CVE-2025-4528

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4528
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://digitro.com/recomendacao-10-2026-ctir-gov/
https://vuldb.com/submit/565309
https://vuldb.com/vuln/308273
https://vuldb.com/vuln/308273/cti
https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026
Configurations

Configuration 1 (hide)

cpe:2.3:a:digitro:ngc_explorer:*:*:*:*:*:*:*:*
History

27 May 2026, 15:16

Type Values Removed Values Added
References
  • {'url': 'https://vuldb.com/?ctiid.308273', 'tags': ['Permissions Required', 'VDB Entry'], 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?id.308273', 'tags': ['Third Party Advisory', 'VDB Entry'], 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?submit.565309', 'tags': ['Third Party Advisory', 'VDB Entry'], 'source': 'cna@vuldb.com'}
  • () https://digitro.com/recomendacao-10-2026-ctir-gov/ -
  • () https://vuldb.com/submit/565309 -
  • () https://vuldb.com/vuln/308273 -
  • () https://vuldb.com/vuln/308273/cti -
  • () https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026 -
Summary (en) A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. (en) A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

10 Nov 2025, 15:24

Type Values Removed Values Added
First Time Digitro ngc Explorer
Digitro
CPE cpe:2.3:a:digitro:ngc_explorer:*:*:*:*:*:*:*:*
References () https://vuldb.com/?ctiid.308273 - () https://vuldb.com/?ctiid.308273 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.308273 - () https://vuldb.com/?id.308273 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.565309 - () https://vuldb.com/?submit.565309 - Third Party Advisory, VDB Entry

12 May 2025, 17:32

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Dígitro NGC Explorer hasta la versión 3.44.15, clasificada como problemática. Este problema afecta a algunos procesos desconocidos. La manipulación provoca la expiración de la sesión. El ataque podría iniciarse remotamente. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

11 May 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-11 03:15

Updated : 2026-05-27 15:16

NVD link : CVE-2025-4528

Mitre link : CVE-2025-4528

CVE.ORG link : CVE-2025-4528

JSON object : View

Products Affected

digitro

  • ngc_explorer
CWE
CWE-613

Insufficient Session Expiration