PT-2025-11665 · Shearwater · Shearwater Securenvoy Securaccess

Published: 2025-03-19 · Updated: 2025-03-19 · CVE-2025-30235

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Shearwater SecurEnvoy SecurAccess Enrol versions prior to 9.4.515

Description: The issue concerns the mishandling of concurrent authentication attempts. Shearwater SecurEnvoy SecurAccess Enrol is intended to disable accounts after more than 10 failed authentication attempts, but due to incorrect handling of simultaneous attempts, it allows hundreds of failed authentication attempts instead.

Recommendations: For versions prior to 9.4.515, update to version 9.4.515 or later to resolve the issue.
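
The following added example is not SecurEnvoy code, and the advisory does not describe the product's implementation. It models the general check-then-update race behind this class of lockout bypass next to an atomic version. The class names, the barrier that forces simultaneous arrival, and the count of 200 requests are assumptions made for the demonstration.

```python
import threading

MAX_FAILURES = 10  # threshold stated in the advisory

class RacyLockout:
    """Check-then-update: the count is read, then changed in a later step."""
    def __init__(self, parties):
        self.failures = 0
        self.evaluated = 0  # guesses that reached password verification
        self._gate = threading.Barrier(parties)  # forces the worst-case overlap
        self._lock = threading.Lock()

    def attempt(self):
        if self.failures > MAX_FAILURES:      # step 1: lockout check
            return "locked"
        self._gate.wait()                     # all requests have passed step 1
        with self._lock:                      # step 2: record the failure
            self.evaluated += 1
            self.failures += 1
        return "rejected"

class AtomicLockout:
    """Check and update form one critical section per account."""
    def __init__(self):
        self.failures = 0
        self.evaluated = 0
        self._lock = threading.Lock()

    def attempt(self):
        with self._lock:
            if self.failures > MAX_FAILURES:
                return "locked"
            self.evaluated += 1
            self.failures += 1
            return "rejected"

def run(tracker, n):
    """Send n simultaneous wrong guesses; return how many were evaluated."""
    threads = [threading.Thread(target=tracker.attempt) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return tracker.evaluated

if __name__ == "__main__":
    print("racy:  ", run(RacyLockout(200), 200))
    print("atomic:", run(AtomicLockout(), 200))
```

In a multi-process service the same guarantee would come from a per-account database transaction or atomic increment rather than an in-process lock. For detection, an account with far more than 10 failed attempts inside a short window and no lockout event is the pattern to look for in authentication logs.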

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2025-30235

Affected Products

Shearwater Securenvoy Securaccess