CVE-2025-48952

Name of the Vulnerable Software and Affected Versions: NetAlertX versions prior to 25.6.7

Description: NetAlertX is a network, presence scanner, and alert framework. A vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes due to a loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the == operator at line 40 in front/index.php. This allows specially crafted "magic hash" values to bypass authentication because the == operator, instead of the strict === operator, can interpret strings starting with '0e' followed by digits as scientific notation (zero). This issue is classified as a Login Bypass vulnerability. Services relying on this logic are at risk of unauthorized access. Approximately 109 services are potentially affected worldwide.

Recommendations: Upgrade to NetAlertX version 25.6.7 or later.