{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4526", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-10T05:29:51.012Z", "datePublished": "2025-05-11T01:00:06.924Z", "dateUpdated": "2026-05-27T14:33:37.053Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-27T14:33:37.053Z"}, "title": "D\u00edgitro NGC Explorer Configuration missing password field masking", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-549", "lang": "en", "description": "Missing Password Field Masking"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}], "affected": [{"vendor": "D\u00edgitro", "product": "NGC Explorer", "versions": [{"version": "3.44.0", "status": "affected"}, {"version": "3.44.1", "status": "affected"}, {"version": "3.44.2", "status": "affected"}, {"version": "3.44.3", "status": "affected"}, {"version": "3.44.4", "status": "affected"}, {"version": "3.44.5", "status": "affected"}, {"version": "3.44.6", "status": "affected"}, {"version": "3.44.7", "status": "affected"}, {"version": "3.44.8", "status": "affected"}, {"version": "3.44.9", "status": "affected"}, {"version": "3.44.10", "status": "affected"}, {"version": "3.44.11", "status": "affected"}, {"version": "3.44.12", "status": "affected"}, {"version": "3.44.13", "status": "affected"}, {"version": "3.44.14", "status": "affected"}, {"version": "3.44.15", "status": "affected"}, {"version": "3.48.0", "status": "affected"}, {"version": "3.48.1", "status": "affected"}, {"version": "3.48.2", "status": "affected"}, {"version": "3.48.3", "status": "affected"}, {"version": "3.48.4", "status": "affected"}, {"version": "3.48.5", "status": "affected"}, {"version": "3.48.6", "status": "affected"}, {"version": "3.48.7", "status": "affected"}, {"version": "3.48.8", "status": "affected"}, {"version": "3.48.9", "status": "affected"}, {"version": "3.48.10", "status": "affected"}, {"version": "3.48.11", "status": "affected"}, {"version": "3.48.12", "status": "affected"}, {"version": "3.48.13", "status": "affected"}, {"version": "3.48.14", "status": "affected"}, {"version": "3.48.15", "status": "affected"}, {"version": "3.48.16", "status": "affected"}, {"version": "3.48.17", "status": "affected"}, {"version": "3.48.18", "status": "affected"}, {"version": "3.48.19", "status": "affected"}, {"version": "3.48.20", "status": "affected"}, {"version": "3.48.21", "status": "affected"}, {"version": "3.48.22", "status": "unaffected"}], "cpes": ["cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"], "modules": ["Configuration Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-05-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-27T16:38:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "j369 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/308271", "name": "VDB-308271 | D\u00edgitro NGC Explorer Configuration missing password field masking", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/308271/cti", "name": "VDB-308271 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/565307", "name": "Submit #565307 | D\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/", "tags": ["patch"]}, {"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026", "tags": ["related"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-12T14:38:09.297067Z", "id": "CVE-2025-4526", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:38:15.234Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4526", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-12T14:38:09.297067Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:38:12.240Z"}}], "cna": {"title": "D\u00edgitro NGC Explorer Configuration missing password field masking", "credits": [{"lang": "en", "type": "reporter", "value": "j369 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"], "vendor": "D\u00edgitro", "modules": ["Configuration Page"], "product": "NGC Explorer", "versions": [{"status": "affected", "version": "3.44.0"}, {"status": "affected", "version": "3.44.1"}, {"status": "affected", "version": "3.44.2"}, {"status": "affected", "version": "3.44.3"}, {"status": "affected", "version": "3.44.4"}, {"status": "affected", "version": "3.44.5"}, {"status": "affected", "version": "3.44.6"}, {"status": "affected", "version": "3.44.7"}, {"status": "affected", "version": "3.44.8"}, {"status": "affected", "version": "3.44.9"}, {"status": "affected", "version": "3.44.10"}, {"status": "affected", "version": "3.44.11"}, {"status": "affected", "version": "3.44.12"}, {"status": "affected", "version": "3.44.13"}, {"status": "affected", "version": "3.44.14"}, {"status": "affected", "version": "3.44.15"}, {"status": "affected", "version": "3.48.0"}, {"status": "affected", "version": "3.48.1"}, {"status": "affected", "version": "3.48.2"}, {"status": "affected", "version": "3.48.3"}, {"status": "affected", "version": "3.48.4"}, {"status": "affected", "version": "3.48.5"}, {"status": "affected", "version": "3.48.6"}, {"status": "affected", "version": "3.48.7"}, {"status": "affected", "version": "3.48.8"}, {"status": "affected", "version": "3.48.9"}, {"status": "affected", "version": "3.48.10"}, {"status": "affected", "version": "3.48.11"}, {"status": "affected", "version": "3.48.12"}, {"status": "affected", "version": "3.48.13"}, {"status": "affected", "version": "3.48.14"}, {"status": "affected", "version": "3.48.15"}, {"status": "affected", "version": "3.48.16"}, {"status": "affected", "version": "3.48.17"}, {"status": "affected", "version": "3.48.18"}, {"status": "affected", "version": "3.48.19"}, {"status": "affected", "version": "3.48.20"}, {"status": "affected", "version": "3.48.21"}, {"status": "unaffected", "version": "3.48.22"}]}], "timeline": [{"lang": "en", "time": "2025-05-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-27T16:38:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/308271", "name": "VDB-308271 | D\u00edgitro NGC Explorer Configuration missing password field masking", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/308271/cti", "name": "VDB-308271 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/565307", "name": "Submit #565307 | D\u00edgitro NGC Explorer 3.44.15 Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://digitro.com/recomendacao-10-2026-ctir-gov/", "tags": ["patch"]}, {"url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-549", "description": "Missing Password Field Masking"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-27T14:33:37.053Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4526", "state": "PUBLISHED", "dateUpdated": "2026-05-27T14:33:37.053Z", "dateReserved": "2025-05-10T05:29:51.012Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-11T01:00:06.924Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digitro:ngc_explorer:3.44.15:*:*:*:*:*:*:*", "matchCriteriaId": "E62990A8-47F0-4E03-9119-1980C3AB230E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is sufficient to fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en D\u00edgitro NGC Explorer 3.44.15. Esta afecta a una parte desconocida de la p\u00e1gina de configuraci\u00f3n del componente. La manipulaci\u00f3n provoca la omisi\u00f3n del enmascaramiento del campo de contrase\u00f1a. Es posible iniciar el ataque puede ejecutarse en remoto. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3."}], "id": "CVE-2025-4526", "lastModified": "2026-05-27T15:16:24.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-11T01:15:52.000", "references": [{"source": "cna@vuldb.com", "url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/565307"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/308271"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/308271/cti"}, {"source": "cna@vuldb.com", "url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-549"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}