CVE-2025-4687

Vulnerability Description

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.

Related Weaknesses (CWE)

CWE-288

References

https://jowin922.medium.com/cve-2025-4687-pre-account-takeover-through-invite-on

FAQ

What is CVE-2025-4687?

CVE-2025-4687 is a documented vulnerability. In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platfo...

How severe is CVE-2025-4687?

CVSS scoring is not yet available for CVE-2025-4687. Check NVD for updates.

Is there a patch for CVE-2025-4687?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.