CVE-2025-4286
Published 2025-05-05
Priority P4 · 31 · medium · 4.9 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.43% (34.1th percentile)
A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release.
Affected
61 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelbras | incontrol | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 3.3 | LOW | AV:N/AC:L/Au:M/C:P/I:N/A:N |
GHSA
Mattermost doesn't check if team_id was being changed when updating playbooks
ghsa · 2026-05-18
CVE-2026-4286 [LOW] CWE-863
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if team_id was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID: MMSA-2025-00552
GHSA
GHSA-5vrx-97jq-34j7: A vulnerability was found in Intelbras InControl up to 2
ghsa_unreviewed · 2025-05-05
CVE-2025-4286 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-05-05