Listen to this Post
How the CVE Works
CVE-2025-48746 exploits a missing authentication mechanism in Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 and earlier, as well as some post-11.1.25134.03 builds. Attackers can send crafted requests to critical functions without authentication, allowing unauthorized access to directory management operations. The flaw stems from improper session validation, enabling privilege escalation or data manipulation. The CVSS 4.0 vector highlights network-based exploitation with low attack complexity, leading to full system compromise.
DailyCVE Form
Platform: Netwrix Directory Manager
Version: <=11.0.0.0, 11.1.25134.03
Vulnerability: Auth Bypass
Severity: Critical
Date: 06/24/2025
Prediction: Patch by 08/15/2025
What Undercode Say
nmap -p 443 --script http-vuln-cve2025-48746 <target> curl -X POST -d "unauthenticated=payload" http://<target>/admin_api
How Exploit
1. Craft unauthenticated POST request to `/admin_api`.
2. Bypass session checks via null cookies.
3. Execute privileged directory commands.
Protection from this CVE
- Apply vendor patch.
- Restrict API access.
- Enable MFA.
Impact
- Full directory takeover.
- Data exfiltration.
- Privilege escalation.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
