CVE Vulnerabilities

CVE-2025-41705

Unprotected Transport of Credentials

Published: Oct 14, 2025 | Modified: Oct 14, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Vulnerability-free packages from our partners

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-41705
CWE	https://cwe.mitre.org/data/definitions/523.html

An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.

Weakness

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html

References

https://certvde.com/de/advisories/VDE-2025-072

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

CVE-2025-41705

Unprotected Transport of Credentials

Weakness

Potential Mitigations

Related Attack Patterns

References