Weak Password Requirements

CVE-2025-11322

Low

2.9/10

Summary

A flaw has been found in novosga/novosga. The impacted element is an unknown function of the file `/novosga.users/new` of the component `User Creation Page`. Executing manipulation of the argument `Senha/Confirmacao` da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory
POC/Exploit

Advisory Timeline

Published Oct 06, 2025

Weak Password Requirements

CVE-2025-11322

Summary

CWE-521 - Weak Password Requirements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS