How severe is CVE-2025-27408?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2025-27408?

This is classified as CWE-759, which is a common weakness in software security.

CVE-2025-27408

MEDIUM Year: 2025

CVSS v3 Score

4.8

Medium

Weakness Type

CWE-759

View all →

Vulnerability Description

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process. Version 4.9.2 fixes the issue.

CVE-2023-33838

MEDIUM

CVSS:4.9(Medium)

IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as...

CWE-7592023

CVE-2021-21253

MEDIUM

CVSS:5.3(Medium)

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there ...

CWE-7592021

CVE-2020-25164

HIGH

CVSS:7.5(High)

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrati...

CWE-7592020

CVE-2020-16244

HIGH

CVSS:7.2(High)

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts t...

CWE-7592020