CVE-2025-41257: CWE-20 Improper Input Validation in Suprema BioStar 2
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
CVE-2025-41257: CWE-20 Improper Input Validation in Suprema BioStar 2
Description
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- sba-research
- Date Reserved
- 2025-04-16T09:37:50.631Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a8cbd6d1a09e29cb893ba7
Added to database: 3/5/2026, 12:18:30 AM
Last updated: 3/5/2026, 3:24:22 AM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-29127: CWE-269 Improper Privilege Management in International Datacasting Corporation SFX2100 Satellite Receiver
CriticalCVE-2026-26034: Incorrect default permissions in Dell Inc. UPS Multi-UPS Management Console (MUMC)
HighCVE-2026-26033: Unquoted search path or element in Dell Inc. UPS Multi-UPS Management Console (MUMC)
MediumCVE-2024-57854: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in DOUGDUDE Net::NSCA::Client
UnknownDifferentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.