Vulnerability Description
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/marcelomulder/CVE/blob/main/NovoSga/CVE-2025-11322.md
- https://github.com/marcelomulder/CVE/blob/main/NovoSga/Weak%20Password%20Policy%
- https://vuldb.com/?ctiid.327203
- https://vuldb.com/?id.327203
- https://vuldb.com/?submit.664517
FAQ
What is CVE-2025-11322?
CVE-2025-11322 is a vulnerability with a CVSS score of 3.7 (LOW). A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the arg...
How severe is CVE-2025-11322?
CVE-2025-11322 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11322?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.