Cyber Posture

CVE-2025-25497

High

Published: 06 March 2025

Modified: 15 April 2026
KEV Added: not listed
Patch: fixed in v8.2.7
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0011 (29.6th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25497 is a high-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in Netsweeper Server versions 8.2.6 and earlier (product inferred from references). Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Manipulation (T1098). EPSS ranks it at the 29.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Account Manipulation (T1098). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

AC-3 Access Enforcement (prevent)
Requires the system to enforce approved authorizations for access to resources server-side, directly preventing unauthorized changes to the Account Owner field.

SI-10 Information Input Validation (prevent)
Mandates server-side validation of information inputs, countering the client-side-only restrictions and lack of validation for Account Owner modifications.

Account management control (prevent)
Establishes procedures for managing system accounts, including ownership assignments, to restrict unauthorized reassignments.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1098 Account Manipulation (tactic: Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Why these techniques?

The vulnerability directly enables unauthorized modification of account ownership properties, mapping to T1098 Account Manipulation for privilege escalation and unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
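The T1098 mapping above is only useful to defenders if ownership reassignments are visible in an audit trail. The following is an added detection example, not part of this page or of Netsweeper's product: it parses a constructed, hypothetical audit-log format (field names, timestamps, the admin list and every user in it are assumptions) and flags Account Owner changes made by non-administrators, distinguishing self-assignment from reassignment between other users.

```python
"""Added detection example for the T1098 (Account Manipulation) mapping:
flag Account Owner reassignments performed by non-admin actors.
The log format, admin list and events below are constructed for this
example; they are not Netsweeper's real log format or data."""

import re
from dataclasses import dataclass

# Hypothetical key=value audit format; the optional field/old/new triple is
# present only on field-level update events.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) account=(?P<account>\S+)"
    r"(?: field=(?P<field>\S+) old=(?P<old>\S+) new=(?P<new>\S+))?$"
)

# Constructed sample log: one benign admin reassignment, two non-admin ones,
# one unrelated field change and one non-update event.
SAMPLE_LOG = """\
2025-03-06T10:00:12Z user=alice action=account.update account=acct-7 field=display_name old=Old new=New
2025-03-06T10:01:03Z user=bob action=account.update account=acct-1 field=owner old=carol new=bob
2025-03-06T10:02:45Z user=alice action=account.update account=acct-2 field=owner old=dave new=erin
2025-03-06T10:03:10Z user=carol action=account.update account=acct-9 field=owner old=frank new=grace
2025-03-06T10:04:00Z user=bob action=login account=acct-1
"""

# Assumed set of accounts that are allowed to reassign ownership.
ADMINS = {"alice"}


@dataclass(frozen=True)
class Alert:
    ts: str
    actor: str
    account: str
    old_owner: str
    new_owner: str
    reason: str


def parse(line: str):
    """Return the event as a dict, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_owner_reassignment(log_text: str, admins=ADMINS) -> list:
    """Return one Alert per Account Owner change made by a non-admin actor.
    Admin reassignments are the expected path and are not alerted on here,
    though they still belong in routine audit review."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or ev["field"] != "owner":
            continue
        if ev["user"] in admins:
            continue
        if ev["new"] == ev["user"]:
            reason = "non-admin assigned ownership to self"
        else:
            reason = "non-admin reassigned ownership between other users"
        alerts.append(Alert(ev["ts"], ev["user"], ev["account"], ev["old"], ev["new"], reason))
    return alerts


if __name__ == "__main__":
    for a in detect_owner_reassignment(SAMPLE_LOG):
        print(f"{a.ts} {a.account}: {a.actor} changed owner {a.old_owner} -> {a.new_owner} ({a.reason})")
```

On the sample log this yields two alerts (bob taking ownership of acct-1 for himself, and carol moving acct-9 from frank to grace); alice's reassignment is skipped as an admin action, and the display_name and login events are ignored. Any real deployment would substitute the product's actual audit format and the authoritative admin list.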

NVD Description

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or away from any user.

Deeper analysis (AI-generated)

CVE-2025-25497 is a vulnerability in the account management interface of Netsweeper Server versions 8.2.6 and earlier. It stems from client-side-only restrictions and a lack of server-side validation, allowing unauthorized modifications to the "Account Owner" field. This flaw enables attackers to reassign account ownership to or away from any user. The issue has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-602 (Client-Side Enforcement of Server-Side Security).

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to alter account ownership arbitrarily, potentially granting unauthorized control over other users' accounts and leading to high impacts on confidentiality and integrity, such as data access or privilege escalation within the Netsweeper environment.
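To make the flaw class concrete, here is an added example (hypothetical Python, not Netsweeper's code; the Account and User model, the sample users and the authorization policy are all assumptions) showing the CWE-602 pattern the description attributes to this CVE beside a hardened handler. The vulnerable handler relies on the UI disabling the Account Owner field for non-admins and applies whatever the client submits; the hardened one enforces authorization (AC-3) and input validation (SI-10) server-side, so editing the request no longer helps.

```python
"""Added example for the CWE-602 pattern described for CVE-2025-25497:
a vulnerable account-update handler next to a hardened one.
Hypothetical code, not Netsweeper's; the data model, sample users and
the rule "only admins may reassign ownership" are assumptions."""

from copy import deepcopy
from dataclasses import dataclass


@dataclass
class User:
    username: str
    is_admin: bool


@dataclass
class Account:
    account_id: str
    owner: str            # username of the owning user
    display_name: str


class Forbidden(Exception):
    """AC-3 failure: the actor is not authorized for this change."""


class BadRequest(Exception):
    """SI-10 failure: the submitted input is not acceptable."""


# Constructed sample users (assumed, for illustration only).
USERS = {
    "alice": User("alice", is_admin=True),
    "bob": User("bob", is_admin=False),
    "carol": User("carol", is_admin=False),
}


def sample_accounts() -> dict:
    """Fresh copy of the constructed sample accounts so each call starts clean."""
    return deepcopy({"acct-1": Account("acct-1", owner="carol", display_name="Carol")})


def update_account_vulnerable(actor: User, accounts: dict, account_id: str, form: dict) -> Account:
    """Vulnerable pattern (CWE-602): the UI greys out the Account Owner field
    for non-admins, but the server copies every submitted field onto the
    account. A user who edits the request can set any owner value."""
    acct = accounts[account_id]
    for key, value in form.items():
        setattr(acct, key, value)      # no authorization check, no validation
    return acct


USER_EDITABLE = {"display_name"}      # fields an authorized editor may change
OWNER_FIELD = "owner"


def update_account_hardened(actor: User, accounts: dict, account_id: str, form: dict) -> Account:
    """Hardened handler: authorization (AC-3) and input validation (SI-10)
    are enforced server-side, regardless of what the UI allowed."""
    acct = accounts.get(account_id)
    if acct is None:
        raise BadRequest(f"unknown account {account_id!r}")
    # SI-10: only fields the API defines are accepted; no blind setattr.
    unknown = set(form) - (USER_EDITABLE | {OWNER_FIELD})
    if unknown:
        raise BadRequest(f"unexpected fields: {sorted(unknown)}")
    # AC-3: only the current owner or an admin may edit this account at all.
    if not (actor.is_admin or actor.username == acct.owner):
        raise Forbidden(f"{actor.username} may not edit {account_id}")
    if OWNER_FIELD in form:
        # AC-3: ownership reassignment is admin-only (assumed policy).
        if not actor.is_admin:
            raise Forbidden("ownership reassignment requires admin")
        # SI-10: the new owner must be an existing user.
        if form[OWNER_FIELD] not in USERS:
            raise BadRequest(f"no such user {form[OWNER_FIELD]!r}")
    if "display_name" in form and not isinstance(form["display_name"], str):
        raise BadRequest("display_name must be a string")
    for key, value in form.items():
        setattr(acct, key, value)      # only validated, authorized fields reach here
    return acct


def attempt(handler, actor: User, account_id: str, form: dict) -> tuple:
    """Run a handler against fresh sample state and report (status, resulting
    owner) so the two handlers can be compared on identical input."""
    accounts = sample_accounts()
    try:
        acct = handler(actor, accounts, account_id, form)
        return ("ok", acct.owner)
    except Forbidden:
        return ("forbidden", accounts[account_id].owner)
    except BadRequest:
        return ("bad_request", accounts[account_id].owner if account_id in accounts else None)


if __name__ == "__main__":
    # bob (non-admin, not the owner) submits owner=bob, bypassing the disabled UI field.
    print("vulnerable:", attempt(update_account_vulnerable, USERS["bob"], "acct-1", {"owner": "bob"}))
    print("hardened:  ", attempt(update_account_hardened, USERS["bob"], "acct-1", {"owner": "bob"}))
    print("admin:     ", attempt(update_account_hardened, USERS["alice"], "acct-1", {"owner": "bob"}))
```

The ordering in the hardened handler matters: unknown fields are rejected before any authorization decision, so a low-privilege caller cannot probe which attributes exist, and the existence check on the new owner stops an admin from reassigning an account to a username that does not exist. Note that even the current owner cannot hand the account to someone else under the assumed policy; whether that is the right rule is a product decision, but it must be made on the server.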

Netsweeper addressed the vulnerability in version 8.2.7, as detailed in their release notes. Security practitioners should update affected Netsweeper Server installations to v8.2.7 or later to mitigate the issue, with further details available in the vendor's documentation and related advisories like those on PacketStorm.

Details

CWE(s)
CWE-602 Client-Side Enforcement of Server-Side Security

Affected Products
Netsweeper Server (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One (shared CWE-602)

CVE-2025-10640
CVE-2025-61197
CVE-2025-27681
CVE-2024-52960
CVE-2025-51682
CVE-2026-30783
CVE-2026-29077
CVE-2026-23478
CVE-2026-30933
CVE-2026-25737
