CVE-2025-66304

Description

# Exposure of Password Hashes Leading to privilege escalation **Severity Rating:** Medium **Vector:** Privilege Escalation **CVE:** XXX **CWE:** 200 - Exposure of Sensitive Information **CVSS Score:** 6.2 **CVSS Vector:** CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L ## Analysis It was observed that if a users is given read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. An attacker with read access can: * View and potentially crack the password hashes. * Gain administrative access by cracking the admin password hash. * Escalate privileges and compromise the entire admin panel. ## Proof of Concept 1) Give read access to user accounts to a random user as shown in the following figures: ![grav0](https://github.com/user-attachments/assets/020a4b47-e577-49cb-8392-bfb61491199d) ![grav2](https://github.com/user-attachments/assets/97fbfc46-c541-4559-9541-2b9b5de86c0e) 2) Log in to the admin panel with an account that has read access to user accounts and navigate to the user account management section. 3) Go to the admin profile `http://127.0.0.1/admin/accounts/users/admin`; The password is not display. Try inspecting the page source code as shown in the following figures: ![grav2-1](https://github.com/user-attachments/assets/057c9c14-f928-4584-99ae-4939f63dda57) You can see that it match the hash that is in the admin.yaml file : ![Compare to the hash in database of the admin](grav2-2.png) 4) Crack the hash as shown in the following figure, the algorithm use here is bcrypt: ![grav3](https://github.com/user-attachments/assets/ec334f80-4b87-4010-a834-cb92704a596e) ## Workarounds No workaround is currently known # Timeline **2024-07-24** Issue identified **2024-09-27** Vendor contacted # About X41 D-Sec GmbH X41 is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services. Fields of expertise in the area of application security are security centered code reviews, binary reverse engineering and vulnerability discovery. Custom research and IT security consulting and support services are core competencies of X41.

How to fix CVE-2025-66304

To remediate CVE-2025-66304, upgrade the affected package to a fixed version below.

Description

How to fix CVE-2025-66304

Is CVE-2025-66304 being exploited?

Affected packages (1)

CVSS scores

References (4)