CVE-2025-4552

Name of the Vulnerable Software and Affected Versions ContiNew Admin versions up to 3.6.0

Description A vulnerability has been found in ContiNew Admin, allowing for unverified password change. The issue affects an unknown functionality of the file "/dev-api/system/user/1/password". This can be exploited remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations For ContiNew Admin versions up to 3.6.0, as a temporary workaround, consider restricting access to the "/dev-api/system/user/1/password" endpoint until a patch is available. Avoid using this endpoint for password changes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.