CVE-2025-27408

Name of the Vulnerable Software and Affected Versions Manifest versions prior to 4.9.1

Description The issue is related to a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process.

Recommendations For versions prior to 4.9.1, update to version 4.9.1 to fix the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.