Date:2025/05/20
【Vulnerability Alert】Wormhole Technology GPM has Unverified Password Change Vulnerability
- Subject Description: 【Vulnerability Alert】Wormhole Technology GPM has Unverified Password Change Vulnerability
- Content Description:
- Forwarded from Taiwan Computer Network Crisis Handling and Coordination Center TWCERTCC-200-202505-00000011
- [Wormhole Technology GPM - Unverified Password Change] (CVE-2025-4558, CVSS: 9.8) Wormhole Technology GPM has Unverified Password Change vulnerability, remote attackers without identity authentication can modify any user's password and use the modified password to log into the system.
- Affected Platforms:
- Versions before GPM 202502 (exclusive)
- Recommended Actions:
- Please update to version 202502 (inclusive) or later
- Reference Information:
- Wormhole Technology GPM - Unverified Password Change: https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html
Network System Division
Computer and Communication Center9
