CNNVD-202509-4064 Information

CNNVD ID

CNNVD-202509-4064

Related CVE

CVE-2025-45994

• CNNVD Published: 2025-09-26

Description (Chinese)

Aranda PassRecovery是哥伦比亚Aranda公司的一款密码恢复工具。 Aranda PassRecovery 1.0版本存在安全漏洞，该漏洞源于未验证特制POST请求，可能导致Active Directory中有效用户账户枚举。

Description (English)

Aranda PassRecovery is a password restoration tool for the company Aranda of Colombia. There is a security loophole in version 1.0 of Aranda PassRecovery, which originates from unverified specific POST requests and may lead to the listing of valid user accounts in Active Directory.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Aranda

Published

2025-09-26

Last Modified

2026-02-24

References

https://arandasoft.com/en/productos/password-recovery/ https://github.com/spoNge369/CVE/blob/main/CVE-2025-45994/README.md