CVE-2025-1341

Name of the Vulnerable Software and Affected Versions: PMWeb version 7.2.0

Description: A problem has been detected in the Setting Handler component, leading to weak password requirements. The attack can be initiated remotely and has a high complexity, making exploitation difficult. The exploit has been made public and can be used. It is recommended to change the configuration settings to mitigate the issue. The vendor was contacted about this disclosure but did not respond.

Recommendations: To resolve the issue in PMWeb version 7.2.0, change the configuration settings to enforce stronger password requirements. As a temporary workaround, consider restricting access to the Setting Handler component until a more permanent solution is available.