mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
CVE-2025-7204
Description
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system.
POC
Reference
No PoCs from references.