CVE-2025-22375

Authentication Bypass in CyberAudit-Web

CVE

CVE-2025-22375

Title

Authentication Bypass in CyberAudit-Web

Credits

Hidde Smit (DIVD) (finder)
Wietse Boonstra (DIVD) (finder)
Max van der Horst (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
Videx Inc. CyberAudit-Web	= <= 9.5 ()
Videx Inc. CyberAudit-Web		everything else

CVSS

Base score	9.3 - CRITICAL
Attack Vector	NETWORK
Attack Complexity>	LOW
Attack Requirements	NONE
Privileges Required	NONE
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Integrity Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Availability Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Safety impact	NEGLIGIBLE
Automatable	YES
Recovery	AUTOMATIC
Value Density	DIFFUSE
Vulnerability Response effort	LOW
Provider Urgency	GREEN

References

https://csirt.divd.nl/CVE-2025-22375 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2024-00043/ ( third-party-advisory )

Problem type(s)

CWE-287 Improper Authentication

Impact(s)

CAPEC-115 Authentication Bypass

Date published

Last modified

Description

An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.

JSON version.

DIVD CSIRT

CVE-2025-22375

Authentication Bypass in CyberAudit-Web

Description