CVE-2025-11322

Name of the Vulnerable Software and Affected Versions Mangati NovoSGA versions up to 2.2.12

Description A weakness exists in Mangati NovoSGA up to version 2.2.12 related to weak password requirements during user creation. The issue is located in the User Creation Page component, specifically within the /novosga.users/new file and involves manipulation of the Senha/Confirmação da senha argument. This can be exploited remotely, but requires a high level of complexity and is considered difficult to execute. The exploit has been published. The vendor was notified but did not respond.

Recommendations Versions prior to 2.2.12 should be updated.