CVE-2025-10204
CVE-2025-10204 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
Metrics
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
- Status: Deferred
Source: NVD / NIST
