Primary

Context

WormHole Tech GPM Unverified Password Change Vulnerability

Vulnerability

A vulnerability allowing unauthenticated remote attackers to change any user's password has been identified in WormHole Tech's GPM, versions prior to 202502. This unverified password change vulnerability enables attackers to log into the system using the modified password.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, enabling attackers to gain unauthorized access to user accounts.

Remediation

Users are advised to update to GPM version 202502 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WormHole Tech GPM Unverified Password Change Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating