一、 漏洞 CVE-2025-14295 基础信息
漏洞信息
# WebCTRL和i-Vu会话固定漏洞
N/A
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Automated Logic WebCTRL and Carrier i-Vu Session Fixation
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
以可恢复格式存储口令
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2025-14295 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2025-14295 的情报信息
标题: Advisories & Resources | Product Security | Carrier Corporate -- 🔗来源链接
标签:
神龙速读:从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. **漏洞编号和日期**: - 漏洞编号:CARR-PSA-2024-04 - 发布日期:2024年11月21日 2. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 3. **漏洞描述**: - 漏洞类型:Unrestricted File Upload and Open Redirect vulnerabilities 4. **CVE编号**: - CVE-2024-8525 - CVE-2024-8526 5. **ICSAC编号**: - ICSA-24-326-01 6. **受影响的产品**: - 产品:Viessmann Vitogate 300 7. **漏洞描述**: - 漏洞类型:Viessmann Vitogate 300 vulnerabilities 8. **CVE编号**: - CVE-2023-5222 - CVE-2023-5702 - CVE-2023-45852 9. **受影响的产品**: - 产品:Progress Software MOVEit vulnerabilities 10. **漏洞描述**: - 漏洞类型:Apache Shiro authentication bypass vulnerabilities 11. **CVE编号**: - Not Applicable 12. **受影响的产品**: - 产品:OpenSSL 3.0 vulnerabilities 13. **漏洞描述**: - 漏洞类型:Text4Shell Remote code execution vulnerability 14. **CVE编号**: - Not Applicable 15. **受影响的产品**: - 产品:Spring4Shell Remote code execution vulnerability 16. **漏洞描述**: - 漏洞类型:Okta - Lapsus$ Compromise summary 17. **CVE编号**: - Not Applicable 18. **受影响的产品**: - 产品:Log4j Remote code execution vulnerabilities 19. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 20. **CVE编号**: - Not Applicable 21. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 22. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 23. **CVE编号**: - Not Applicable 24. **受影响的产品**: - 产品:Hills ComNav 25. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 26. **CVE编号**: - Not Applicable 27. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 28. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 29. **CVE编号**: - Not Applicable 30. **受影响的产品**: - 产品:Hills ComNav 31. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 32. **CVE编号**: - Not Applicable 33. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 34. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 35. **CVE编号**: - Not Applicable 36. **受影响的产品**: - 产品:Hills ComNav 37. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 38. **CVE编号**: - Not Applicable 39. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 40. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 41. **CVE编号**: - Not Applicable 42. **受影响的产品**: - 产品:Hills ComNav 43. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 44. **CVE编号**: - Not Applicable 45. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 46. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 47. **CVE编号**: - Not Applicable 48. **受影响的产品**: - 产品:Hills ComNav 49. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 50. **CVE编号**: - Not Applicable 51. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 52. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 53. **CVE编号**: - Not Applicable 54. **受影响的产品**: - 产品:Hills ComNav 55. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 56. **CVE编号**: - Not Applicable 57. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 58. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 59. **CVE编号**: - Not Applicable 60. **受影响的产品**: - 产品:Hills ComNav 61. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 62. **CVE编号**: - Not Applicable 63. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 64. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 65. **CVE编号**: - Not Applicable 66. **受影响的产品**: - 产品:Hills ComNav 67. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 68. **CVE编号**: - Not Applicable 69. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 70. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 71. **CVE编号**: - Not Applicable 72. **受影响的产品**: - 产品:Hills ComNav 73. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 74. **CVE编号**: - Not Applicable 75. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 76. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 77. **CVE编号**: - Not Applicable 78. **受影响的产品**: - 产品:Hills ComNav 79. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 80. **CVE编号**: - Not Applicable 81. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 82. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 83. **CVE编号**: - Not Applicable 84. **受影响的产品**: - 产品:Hills ComNav 85. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 86. **CVE编号**: - Not Applicable 87. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 88. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 89. **CVE编号**: - Not Applicable 90. **受影响的产品**: - 产品:Hills ComNav 91. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 92. **CVE编号**: - Not Applicable 93. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 94. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 95. **CVE编号**: - Not Applicable 96. **受影响的产品**: - 产品:Hills ComNav 97. **漏洞描述**: - 漏洞类型:Weak authentication and communication channel vulnerabilities 98. **CVE编号**: - Not Applicable 99. **受影响的产品**: - 产品:Automated Logic WebCTRL & Carrier i-Vu 100. **漏洞描述**: - 漏洞类型:Open redirect vulnerability 101. **CVE编号**: - Not Applicable 102. **受影响的产品**: - 产品:H
- https://nvd.nist.gov/vuln/detail/CVE-2025-14295
四、漏洞 CVE-2025-14295 的评论
暂无评论