{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41257", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2025-04-16T09:37:50.631Z", "datePublished": "2026-03-04T22:43:53.077Z", "dateUpdated": "2026-03-04T22:43:53.077Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "BioStar 2", "vendor": "Suprema", "versions": [{"status": "affected", "version": "2.9.11.6"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jakob Hagl (SBA Research)"}, {"lang": "en", "type": "finder", "value": "Marija Radosavljevi\u0107 (SBA Research)"}, {"lang": "en", "type": "finder", "value": "Fabian Funder (SBA Research)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.</div></div>"}], "value": "Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2026-03-04T22:43:53.077Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Change"}, {"tags": ["product"], "url": "https://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp"}], "source": {"discovery": "UNKNOWN"}, "title": "Suprema BioStar 2 Insecure Password Change", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise."}], "id": "CVE-2025-41257", "lastModified": "2026-03-04T23:16:09.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2026-03-04T23:16:09.713", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Change"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}

{}