Vulnerability in Wormhole Tech Gpm
CVE-2025-4558
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
EPSS: 0.004 (35.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Wormhole Tech Gpm — versions 0
Weakness classification (CWE)
References
- twcert@cert.org.tw (third-party-advisory)
- twcert@cert.org.tw (third-party-advisory)
Frequently asked questions
- What is CVE-2025-4558?
- CVE-2025-4558 is a critical-severity vulnerability in Wormhole Tech Gpm, classified under CWE-620. CVSS score: 9.8/10. Published 2025-05-12.
- How severe is CVE-2025-4558?
- Critical severity. CVSS v3 base score is 9.8 out of 10.