CVE-2025-57434

high

Description

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57434

http://www.creacast.com/

Details

Source: Mitre, NVD

Published: 2025-09-22

Updated: 2025-10-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00063