Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

User enumeration in M3M Printer Server Web

Posted date 26/05/2025
Identificador
INCIBE-2025-0268
Importance
3 - Medium
Affected Resources
  • M3M Printer Server Web.
Description

INCIBE has coordinated the publication of a medium severity vulnerability affecting M3M Printer Server Web, which has been discovered by David Padilla Alvarado.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability CWE type:

  • CVE-2025-40653: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-209
Solution

There is no reported solution at this time.

Detail

CVE-2025-40653: user enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames.

References list
M3M - Manufacturer's website
Etiquetas