#VU107917 Missing Authorization in Flynax Bridge - CVE-2025-3604

 


Published: April 24, 2025 / Updated: May 9, 2025


Vulnerability identifier: #VU107917
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2025-3604
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Flynax Bridge
Software vendor: Alan Wake

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the affected plugin does not properly validate a user's identity before updating their details, such as email. A remote attacker can change arbitrary users' email addresses and gain access to their accounts.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links