CVE-2025-4527
Dígitro NGC Explorer Password Transmission client-side enforcement of server-side security
CVSS Score
3.7
EPSS Score
0.2%
EPSS Percentile
42th
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. Upgrading to version 3.48.22 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-602 |
| Vendor | dígitro |
| Product | ngc explorer |
| Published | May 11, 2025 |
| Last Updated | May 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for dígitro ngc explorer
Be the first to know when new low vulnerabilities affecting dígitro ngc explorer are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Dígitro / NGC Explorer
3.44.0 3.44.1 3.44.2 3.44.3 3.44.4 3.44.5 3.44.6 3.44.7 3.44.8 3.44.9 3.44.10 3.44.11 3.44.12 3.44.13 3.44.14 3.44.15 3.48.0 3.48.1 3.48.2 3.48.3 3.48.4 3.48.5 3.48.6 3.48.7 3.48.8 3.48.9 3.48.10 3.48.11 3.48.12 3.48.13 3.48.14 3.48.15 3.48.16 3.48.17 3.48.18 3.48.19 3.48.20 3.48.21
References
vuldb.com: https://vuldb.com/vuln/308272 vuldb.com: https://vuldb.com/vuln/308272/cti vuldb.com: https://vuldb.com/submit/565308 digitro.com: https://digitro.com/recomendacao-10-2026-ctir-gov/ gov.br: https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026
Credits
🔍 j369 (VulDB User) VulDB CNA Team