PT-2025-25341 · Vantage6 · Vantage6

Bartvanb · Published 2025-06-12 · Updated 2025-09-17 · CVE-2025-43863

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11
Description: vantage6 is an open-source framework for privacy-enhancing technologies such as Federated Learning and Multi-Party Computation. An attacker who gains access to an authenticated session can abuse the change-password functionality to brute-force the user's password: the change-password route can be called an unlimited number of times and reports when the supplied password is incorrect, so the attacker can keep guessing until the correct password is accepted.
Recommendations: For versions prior to 4.11, update to version 4.11 to resolve the issue.
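The weakness is a change-password route that accepts unlimited guesses and reports each failure. The following is an added example, not vantage6's own code or its 4.11 fix, of how such a route can be throttled server-side: failed attempts are counted per user, the route locks for a cooldown window after too many, and every outcome is recorded for detection. The attempt limit, window length and password hashing are assumptions.

```python
"""Throttled change-password handler (added example, not vantage6 code)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAX_FAILED_ATTEMPTS = 5      # assumption: lock after 5 wrong passwords
LOCKOUT_SECONDS = 15 * 60    # assumption: 15-minute lockout window


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 stands in for whatever hashing the real app uses."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0
    events: List[Tuple[str, float]] = field(default_factory=list)  # audit trail


def change_password(user: User, current: str, new: str, now: Optional[float] = None) -> str:
    """Return 'ok', 'wrong_password' or 'locked'.

    Unlike an unthrottled route, a holder of the session gets at most
    MAX_FAILED_ATTEMPTS guesses per LOCKOUT_SECONDS, and each failure and
    lockout is logged so repeated failures can raise an alert.
    """
    now = time.time() if now is None else now
    if now < user.locked_until:
        user.events.append(("password_change_rejected_locked", now))
        return "locked"
    _, candidate = hash_password(current, user.salt)
    if not hmac.compare_digest(candidate, user.pw_hash):   # constant-time compare
        user.failed_attempts += 1
        user.events.append(("password_change_wrong_password", now))
        if user.failed_attempts >= MAX_FAILED_ATTEMPTS:
            user.locked_until = now + LOCKOUT_SECONDS
            user.failed_attempts = 0
            user.events.append(("password_change_locked_out", now))
            return "locked"
        return "wrong_password"
    user.failed_attempts = 0
    user.salt, user.pw_hash = hash_password(new)
    user.events.append(("password_changed", now))
    return "ok"
```

In a real deployment the counter and lock timestamp must live in shared server-side state (database or cache), not in the request, and the lockout events are the signal a SOC rule should key on.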


Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2025-43863
GHSA-J6G5-P62X-58HW
PYSEC-2025-220

Affected Products

Vantage6