CVE-2025-4528
4.3 MEDIUM
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21
Published: 2025-05-11 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-613
Affected products
| Vendor | Product |
|---|---|
| digitro | ngc_explorer |
Description
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2025-4528
- [Other] https://digitro.com/recomendacao-10-2026-ctir-gov/
- [Other] https://vuldb.com/submit/565309
- [Other] https://vuldb.com/vuln/308273
- [Other] https://vuldb.com/vuln/308273/cti
- [Other] https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026
Related CVEs
Same vendor
- CVE-2025-4527 — A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21 (3.7 LOW)
- CVE-2025-4526 — A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21 (4.3 MEDIUM)
Same CWE
- CVE-2026-46657 — Bludit is a content management system (7.1 HIGH)
- CVE-2026-46656 — Bludit is a content management system (8.8 HIGH)
- CVE-2026-46401 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-48726 — A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: t... (6.5 MEDIUM)
- CVE-2026-44648 — SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generat... (7.5 HIGH)