vantage6 — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in vantage6, with AI-generated Chinese analysis, references, and POCs.

Vendor: vantage6

CVE ID	Title	CVSS	Severity	Published
CVE-2025-43866	Vantage6 Server JWT secret not cryptographically secure CWE-330	6.5^AI	Medium^AI	2025-06-12
CVE-2025-43863	vantage6 lacks brute-force protection on change password functionality CWE-307	8.8^AI	High^AI	2025-06-12
CVE-2024-32969	vantage6 collaboration admins can extend their influence by expanding the collaboration CWE-284	2.7	Low	2024-05-23
CVE-2024-23823	CORS settings overly permissive in vantage6 CWE-942	4.2	Medium	2024-03-14
CVE-2024-24770	Username timing attack on recover password/MFA token in vantage6 CWE-362	5.3	Medium	2024-03-14
CVE-2024-22193	vantage6 unencrypted task can be created in encrypted collaboration CWE-922	3.5	Low	2024-01-30
CVE-2024-21671	vantage6 username timing attack CWE-208	3.7	Low	2024-01-30
CVE-2024-21653	vantage6 insecure SSH configuration for node and server containers CWE-284	6.5	Medium	2024-01-30
CVE-2024-21649	Remote code execution CWE-94	8.8	High	2024-01-30
CVE-2023-47631	vantage6 Node accepts non-whitelisted algorithms from malicious server CWE-345	7.2	High	2023-11-14
CVE-2023-41882	vantage6 Improper Access Control vulnerability CWE-863	5.4	Medium	2023-10-11
CVE-2023-41881	Deleting a collaboration should also delete linked resources CWE-200	3.7	Low	2023-10-11
CVE-2023-28635	Defining resource name as integer in vantage6 may give unintended access CWE-863	5.4	Medium	2023-10-11
CVE-2023-23930	vantage6's Pickle serialization is insecure CWE-502	5.5	Medium	2023-10-11
CVE-2023-23929	Refresh tokens do not expire in Vantage6 CWE-613	8.8	High	2023-03-03
CVE-2023-22738	Improper Preservation of Permissions in vantage6 CWE-281	6.3	Medium	2023-03-01
CVE-2022-39228	Observable Response Discrepancy in vantage6 CWE-204	5.3	Medium	2023-03-01

All 17 known CVE vulnerabilities affecting vantage6 with full Chinese analysis, references, and POCs where available.