
CVE-2025-3091: CWE-639 Authorization Bypass Through User-Controlled Key in MB connect line mbCONNECT24

High
Tags: Vulnerability, CVE-2025-3091, CVE, CWE-639
Published: Tue Jun 24 2025 (06/24/2025, 08:10:29 UTC)
Source: CVE Database V5
Vendor/Project: MB connect line
Product: mbCONNECT24

Description

A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.

AI-Powered Analysis

Last updated: 06/24/2025, 08:39:57 UTC

Technical Analysis

CVE-2025-3091 is a high-severity authentication and authorization bypass in the mbCONNECT24 product by MB connect line, classified as CWE-639 (Authorization Bypass Through User-Controlled Key). CWE-639 covers cases where the server decides whose account or resource a request applies to from an identifier the client supplies, without checking that the requester is entitled to that identifier. Here the affected step is the second-factor check: a remote attacker who holds a valid low-privileged account of their own and who possesses another user's second factor (for example that user's OTP device or token) can complete the login as the other user without ever presenting that user's password. The CWE assignment indicates that the second-factor verification is keyed on a user identifier under the client's control rather than on the account that already passed password verification, so that possession of the second factor alone is treated as sufficient proof of identity.

The CVSS v3.1 base score is 7.5 (High) with vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H: exploitable over the network, no user interaction, low privileges required (the attacker needs a valid account, not an administrative one), and high attack complexity (obtaining the victim's second factor is a precondition outside the attacker's direct control). A successful attack yields the full confidentiality, integrity and availability impact of the impersonated account, which for an administrative user of a remote-access platform means access to the connected devices and their data.

No patch and no known exploitation in the wild had been reported as of publication on June 24, 2025. The affected version is recorded as '0', which in a CVE record usually means the affected range was not specified; absent vendor guidance, all deployed versions should be treated as affected. The CVE was reserved by CERT@VDE on April 1, 2025 and published on June 24, 2025.
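To make the class of bug concrete, the following is an added Python illustration written for this page; it is not mbCONNECT24 code, and the two-step login flow, the user store, the TOTP secrets and the session shape are all hypothetical. It contrasts a second-factor step that takes the target account name from the request (the CWE-639 pattern, where a low-privileged attacker who holds Alice's TOTP secret gets an Alice session after passing only their own password) with a hardened version that binds the pending login to the account whose password was verified and accepts no account identifier at all in step two.

```python
"""Two-step login: password, then TOTP. Hypothetical example for this page,
not the vendor's implementation. Contrasts a CWE-639 style second-factor
check with a hardened one."""
import hashlib
import hmac
import secrets
import struct

# ---- Constructed user store (hypothetical users and secrets) ----
SALT = b"static-demo-salt"            # a real system uses a per-user random salt


def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


USERS = {
    "alice":   {"pw": _hash_pw("correct horse"), "totp_secret": b"A" * 20, "role": "admin"},
    "mallory": {"pw": _hash_pw("mallory-pass"),  "totp_secret": b"M" * 20, "role": "user"},
}


def verify_password(username: str, password: str) -> bool:
    user = USERS.get(username)
    return user is not None and hmac.compare_digest(user["pw"], _hash_pw(password))


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). The clock is passed in so runs are deterministic."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class VulnerableLogin:
    """Step 1 checks the password and hands back an opaque pending token.
    Step 2 checks a TOTP code. The CWE-639 bug: step 2 takes the account
    name from the request and uses it as the key for whose secret to check
    and whose session to mint, instead of the account that passed step 1."""

    def __init__(self):
        self.pending = set()

    def step1_password(self, username, password):
        if not verify_password(username, password):
            return None
        token = secrets.token_hex(16)
        self.pending.add(token)          # token is not tied to the username
        return token

    def step2_second_factor(self, token, username, code, now):
        if token not in self.pending or username not in USERS:
            return None
        # user-controlled key: 'username' may differ from the step-1 account
        if hmac.compare_digest(code, totp(USERS[username]["totp_secret"], now)):
            self.pending.discard(token)
            return {"user": username, "role": USERS[username]["role"]}
        return None


class HardenedLogin:
    """Same flow, but the pending token is bound server-side to the account
    whose password was verified; step 2 has no username parameter at all."""

    def __init__(self):
        self.pending = {}                # token -> username

    def step1_password(self, username, password):
        if not verify_password(username, password):
            return None
        token = secrets.token_hex(16)
        self.pending[token] = username
        return token

    def step2_second_factor(self, token, code, now):
        username = self.pending.pop(token, None)   # one attempt per token
        if username is None:
            return None
        if hmac.compare_digest(code, totp(USERS[username]["totp_secret"], now)):
            return {"user": username, "role": USERS[username]["role"]}
        return None


NOW = 1_700_000_000   # fixed Unix time so the TOTP codes are reproducible


def attack_vulnerable():
    """Mallory knows only her own password but holds Alice's TOTP secret."""
    login = VulnerableLogin()
    token = login.step1_password("mallory", "mallory-pass")
    alice_code = totp(USERS["alice"]["totp_secret"], NOW)
    return login.step2_second_factor(token, "alice", alice_code, NOW)


def attack_hardened():
    login = HardenedLogin()
    token = login.step1_password("mallory", "mallory-pass")
    alice_code = totp(USERS["alice"]["totp_secret"], NOW)
    return login.step2_second_factor(token, alice_code, NOW)


def legit_hardened():
    login = HardenedLogin()
    token = login.step1_password("mallory", "mallory-pass")
    return login.step2_second_factor(token, totp(USERS["mallory"]["totp_secret"], NOW), NOW)


if __name__ == "__main__":
    print("vulnerable flow, Alice's factor only:", attack_vulnerable())
    print("hardened flow, Alice's factor only:  ", attack_hardened())
    print("hardened flow, Mallory's own factor: ", legit_hardened())
```

The fix is not "check the TOTP harder"; it is to make the account identity an output of the password step that the client can no longer choose. Any multi-step login that accepts a user identifier on a later step should be read with this bug in mind.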

Potential Impact

For European organizations using mbCONNECT24, this vulnerability poses a significant risk. mbCONNECT24 is an industrial remote access and monitoring platform used in industrial automation, manufacturing and critical infrastructure. An attacker who impersonates a legitimate user could gain remote access to the industrial devices reachable through that user's account, read sensitive operational data, or disrupt industrial processes, with consequences ranging from operational downtime and safety hazards to intellectual property theft and regulatory exposure under GDPR and sector cybersecurity regulation. The precondition of holding the victim's second factor narrows the attack but does not remove it: a shared OTP device, a stolen token, or a device left with a former employee is enough, and this flaw turns any such lapse into full account takeover with no password required. The high confidentiality, integrity and availability impact makes the issue particularly concerning for energy, manufacturing, transportation and other critical infrastructure operators in Europe.

Mitigation Recommendations

1. Enforce strict control of second-factor devices and tokens: inventory them, never share them between users, and revoke and re-enrol a factor as soon as it is lost, stolen, or left with someone who has changed role or left the organization. Until a fix ships, possession of a second factor is equivalent to possession of the account.
2. Add anomaly detection on authentication events: alert on successful logins for one account from different source addresses or locations within a short window, and on logins that do not match a user's usual times or origins.
3. Restrict network exposure of the mbCONNECT24 interfaces through segmentation, VPN access, or source-address allow-listing.
4. Brief users that the second factor must be protected like a password, and that a lost or borrowed device must be reported immediately.
5. Monitor authentication logs for suspicious attempts and put alerting in place for them.
6. Track MB connect line's advisories for a fixed release and deploy it as soon as it is available.
7. Where a second-factor method is particularly exposed to theft or duplication, consider temporarily disabling or restricting that method until the fix is applied, while keeping a second factor in place for administrative accounts.
8. Review the authorization and session settings available to you in mbCONNECT24 to confirm that no configured path grants access on the strength of a second factor alone; correcting the verification logic itself is the vendor's responsibility.
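Recommendation 2 above is the one most defenders can act on before a patch exists. The following is an added Python example written for this page: it parses a handful of constructed authentication events (the key=value line format is an assumption; mbCONNECT24's real log syntax is not documented here, so the regular expression must be adapted) and flags any account with two successful logins from different source addresses inside a sliding window. It is not part of the advisory or of any vendor tooling.

```python
"""Sliding-window detection of one account logging in from two source
addresses within a short interval. Added example; log format is assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical users and RFC 5737 test addresses).
SAMPLE_LOG = """\
2025-06-24T08:00:01Z auth_ok user=alice src=203.0.113.10 session=s1
2025-06-24T08:03:12Z auth_ok user=alice src=198.51.100.7 session=s2
2025-06-24T08:10:00Z auth_ok user=bob src=203.0.113.20 session=s3
2025-06-24T08:41:00Z auth_ok user=alice src=203.0.113.10 session=s4
2025-06-24T09:00:00Z auth_ok user=carol src=192.0.2.5 session=s5
2025-06-24T09:02:00Z auth_ok user=carol src=192.0.2.5 session=s6
2025-06-24T09:05:00Z auth_fail user=bob src=198.51.100.9 reason=bad_password
"""

# Assumed line shape: "<ISO timestamp> <event> user=<name> src=<ip> ...".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_ok|auth_fail) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def parse_events(text: str) -> list:
    """Turn log text into dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "event": m["event"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def concurrent_logins(events: list, window_minutes: int = 15) -> list:
    """Return (user, earlier_src, later_src, later_ts) for each successful
    login that follows another success for the same account from a different
    source address within the window. Failed attempts are ignored here."""
    window = timedelta(minutes=window_minutes)
    alerts = []
    recent = defaultdict(list)              # user -> [(ts, src), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "auth_ok":
            continue
        hist = recent[ev["user"]]
        hist[:] = [(t, s) for t, s in hist if ev["ts"] - t <= window]   # expire old
        for t, s in hist:
            if s != ev["src"]:
                alerts.append((ev["user"], s, ev["src"], ev["ts"]))
                break
        hist.append((ev["ts"], ev["src"]))
    return alerts


if __name__ == "__main__":
    for user, src_a, src_b, ts in concurrent_logins(parse_events(SAMPLE_LOG)):
        print(f"ALERT {ts:%Y-%m-%dT%H:%M:%SZ} {user}: login from {src_b} "
              f"within window of earlier login from {src_a}")
```

On the sample data only alice's 08:03 login trips the rule; her 08:41 login falls outside the 15-minute window, and carol's two logins share a source. Widening the window to an hour also flags the 08:41 event, so the window size is the tuning knob between noise from legitimate roaming users and missed impersonation.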


Technical Details

Data Version
5.1
Assigner Short Name
CERTVDE
Date Reserved
2025-04-01T13:41:22.429Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685a60c6dec26fc862d9472e

Added to database: 6/24/2025, 8:24:38 AM

Last enriched: 6/24/2025, 8:39:57 AM

Last updated: 8/12/2025, 2:51:56 AM

