PT-2025-17328 · Unknown · Daenetip4 Meto
Mohamed Shahat
·
Published
2025-04-18
·
Updated
2026-01-27
·
CVE-2025-28242
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DAEnetIP4 METO version 1.25
Description
The issue is related to improper session management in the "/login ok.htm" endpoint, which allows attackers to execute a session hijacking attack.
Recommendations
For DAEnetIP4 METO version 1.25, consider restricting access to the "/login ok.htm" endpoint until a patch is available. As a temporary workaround, review and strengthen session management practices to minimize the risk of session hijacking attacks.
Exploit
Fix
Session Fixation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Daenetip4 Meto