CVE-2025-4558

CVE-2025-4558

Name

CVE-2025-4558

Description

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
third-party-advisory	https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html
third-party-advisory	https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

Type

URI

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html

third-party-advisory

https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

CPE URI	Source package	Min version	Max version
	gpm	>= 0	< 202502

CPE URI

Source package

Min version

Max version

gpm

>= 0

< 202502

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
gpm	edge-main	1.20.7-r6	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	edge-main	1.20.7-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	3.23-main	1.20.7-r6	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	3.22-main	1.20.7-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	3.21-main	1.20.7-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	3.20-main	1.20.7-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
gpm	3.19-main	1.20.7-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

gpm

edge-main

1.20.7-r6

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

gpm

edge-main