CVE-2025-4527
3.7 LOW
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21
Published: 2025-05-11 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 3.7 LOW
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-602
Affected products
| Vendor | Product |
|---|---|
| digitro | ngc_explorer |
Description
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4527
- Other: https://digitro.com/recomendacao-10-2026-ctir-gov/
- Other: https://vuldb.com/submit/565308
- Other: https://vuldb.com/vuln/308272
- Other: https://vuldb.com/vuln/308272/cti
- Other: https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026
Related CVEs
Same vendor
- CVE-2025-4528 — A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21 (4.3 MEDIUM)
- CVE-2025-4526 — A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21 (4.3 MEDIUM)
Same CWE
- CVE-2026-11287 — Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compro... (6.5 MEDIUM)
- CVE-2026-11267 — Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install... (4.3 MEDIUM)
- CVE-2026-11236 — Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised th... (8.3 HIGH)
- CVE-2026-11184 — Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restricti... (6.3 MEDIUM)
- CVE-2026-11092 — Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a... (8.8 HIGH)