Vulnerability in Wormhole Tech Gpm

CVE-2025-4558

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

EPSS: 0.004 (35.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-4558?
CVE-2025-4558 is a critical-severity vulnerability in Wormhole Tech Gpm, classified under CWE-620. CVSS score: 9.8/10. Published 2025-05-12.
How severe is CVE-2025-4558?
Critical severity. CVSS v3 base score is 9.8 out of 10.