CVE-2025-4558

Name of the Vulnerable Software and Affected Versions WormHole Tech GPM versions prior to 202502

Description The issue allows unauthenticated remote attackers to change any user's password and use the modified password to log into the system. This is due to an Unverified Password Change vulnerability. Remote attackers can exploit this to gain unauthorized access to the system.

Recommendations For versions prior to 202502, update to a version 202502 or later to resolve the issue. As a temporary workaround, consider restricting access to password change functionality until a patch is available. Avoid using password change features in the affected GPM until the issue is resolved.