CVE-2025-24023. [CVE-2025-24023] Authentication bypass vulnerability in Flask-AppBuilder; version 4.5.3 released to address the username enumeration risk / XEXEQ(ゼゼック). The vulnerability in question, CVE-2025-24023, relates to a timing attack on the authentication system in FAB versions before 4.5.3. In summary, the Flask-AppBuilder vulnerability (CVE-2025-24023) allows for user enumeration through timing discrepancies in login responses.
Apache HTTP Server 2.4.58 security fixes for CVE-2023-45802, CVE-2023-43622, and CVE-2023-31122 from github.com
CVE-ID; CVE-2025-24023: Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login.
CVE-2025-24023 Description, Impact and Technical Details. The following table lists the changes that have been made to the CVE-2025-24023 vulnerability over time.
CVE-2025-0282 AttackerKB. By comparing the server's response time to login requests with existing and nonexistent usernames, an attacker could enumerate existing usernames.