CVE-2025-48952: NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to by...

Description

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.

Metrics

CVSS 3.1

9.4/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Probability

0.50%

38.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-697

Affected Software

Vendor	Product	Versions
Netalertx	Netalertx	< 25.6.7

References

https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489Exploit, Vendor Advisory
https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489Exploit, Vendor Advisory

Timeline

Published: Jul 4, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-48952?

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.

How severe is CVE-2025-48952?

CVE-2025-48952 has a CVSS score of 9.4/10 (CRITICAL severity). The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.

How do I fix CVE-2025-48952?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.