PT-2025-10002 · Netsweeper · Netsweeper Server

Published

2025-03-06

Updated

2025-03-07

CVE-2025-25497

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Netsweeper Server versions prior to 8.2.7

Description The issue in the account management interface allows unauthorized changes to the Account Owner field due to client-side-only restrictions and a lack of server-side validation. This enables account ownership reassignment to or away from any user.

Recommendations For versions prior to 8.2.7, update to version 8.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the account management interface until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-602

Related Identifiers

CVE-2025-25497

Affected Products

Netsweeper Server

PT-2025-10002 · Netsweeper · Netsweeper Server

CVE-2025-25497

Weakness Enumeration

Related Identifiers

Affected Products

References · 8