【Vulnerability Alert】Wormhole Technology GPM has Unverified Password Change Vulnerability

• Subject Description: 【Vulnerability Alert】Wormhole Technology GPM has Unverified Password Change Vulnerability
• Content Description:
  • Forwarded from Taiwan Computer Network Crisis Handling and Coordination Center TWCERTCC-200-202505-00000011
  • [Wormhole Technology GPM - Unverified Password Change] (CVE-2025-4558, CVSS: 9.8) Wormhole Technology GPM has Unverified Password Change vulnerability, remote attackers without identity authentication can modify any user's password and use the modified password to log into the system.
• Affected Platforms:
  • Versions before GPM 202502 (exclusive)
• Recommended Actions:
  • Please update to version 202502 (inclusive) or later
• Reference Information:
  • Wormhole Technology GPM - Unverified Password Change: https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

Network System Division
Computer and Communication Center9