CVE-2025-2440

MEDIUM Year: 2025
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode.

Related Vulnerabilities

CVE-2017-16560

MEDIUM
CVSS:4.3(Medium)

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user ...

CWE-9222017

CVE-2019-12825

MEDIUM
CVSS:4.3(Medium)

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups....

CWE-9222019

CVE-2019-13717

MEDIUM
CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2019-13719

MEDIUM
CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2020-26176

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an atta...

CWE-9222020

CVE-2020-29603

MEDIUM
CVSS:4.3(Medium)

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having acce...

CWE-9222020