CVE Alert: CVE-2025-7204

July 11, 2025
image 1

Vulnerability Summary: CVE-2025-7204

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system.

Affected Endpoints:

No affected endpoints listed.

Published Date:

7/9/2025, 3:15:25 PM

⚠️ CVSS Score:

CVSS v3 Score: 6.5 (Medium)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

CISA_Logo

US-CERT Vulnerability Summary for the Week of July 7, 2025

July 15, 2025
Palo_Alto_Networks_Logo

[Palo Alto Networks Security Advisories] CVE-2023-48795 Impact of Terrapin SSH Attack

July 15, 2025
image

[QILIN] – Ransomware Victim: WH Rogers Sheet Metal

July 15, 2025
image

CVE Alert: CVE-2025-7519

July 15, 2025
image

CVE Alert: CVE-2025-7606

July 15, 2025