CVE-2025-29773
Published: 13 March 2025
Summary
CVE-2025-29773 is a medium-severity Improper Authentication (CWE-287) vulnerability in Froxlor. Its CVSS base score is 5.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Create Account (T1136). It ranks at the 25.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-4 (Identifier Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
IA-4 requires unique identifiers for users, directly preventing duplicate email addresses during account creation in Froxlor.
AC-2 mandates proper account management processes, including checks to avoid creating accounts with duplicate identifiers like email addresses.
SI-10 enforces input validation during account registration, mitigating exploitation by rejecting duplicate email inputs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows creation of accounts with duplicate email addresses by bypassing uniqueness checks, directly facilitating T1136 Create Account in account confusion or takeover scenarios.
NVD Description
Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.
Deeper analysis
CVE-2025-29773 affects Froxlor, an open-source server administration software, in versions prior to 2.2.6. The vulnerability enables users to create accounts using the same email address as an existing account, such as an administrator's, due to a lack of duplicate email prevention. This flaw, classified under CWE-287 (Improper Authentication), leads to potential conflicts in account identification and broader security issues. It carries a CVSS v3.1 base score of 5.8 (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).
Authenticated users with elevated privileges, such as resellers or customers, can exploit this vulnerability by registering new accounts with an email address already in use by another account. The email-based attack vector allows for possible account confusion or takeover scenarios, compromising confidentiality and integrity of affected accounts, though no direct impact on availability is noted.
The Froxlor GitHub security advisory (GHSA-7j6w-p859-464f) and associated commit (a43d53d54034805e3e404702a01312fa0c40b623) confirm that upgrading to version 2.2.6 resolves the issue by implementing proper email uniqueness checks during account creation. Administrators are advised to apply this patch promptly to mitigate risks from duplicate email exploitation.
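To make the fix described above concrete, here is an added, constructed example (not Froxlor's code) contrasting an account-creation routine that checks only the login name with one that enforces normalized e-mail uniqueness across all roles, plus an audit helper that lists collisions already present in existing accounts. The role tables and sample accounts are invented for illustration.

```python
"""Illustrative check for the CVE-2025-29773 class of bug: account creation that
does not enforce e-mail uniqueness across roles. Constructed example; not Froxlor code."""
from collections import defaultdict

class DuplicateEmailError(ValueError):
    """Raised when a new account would reuse an e-mail already on file."""

def normalize_email(addr: str) -> str:
    # Compare e-mails after trimming and lower-casing so "Admin@Example.org "
    # and "admin@example.org" are treated as the same identifier.
    return addr.strip().lower()

def new_store() -> dict:
    # One table per role, as a panel with admins/resellers/customers might have.
    return {"admin": {}, "reseller": {}, "customer": {}}

def create_account_vulnerable(store: dict, role: str, login: str, email: str) -> None:
    # Pre-fix behaviour as described: only the login name is checked, so a
    # customer can register with the admin's e-mail address.
    if login in store[role]:
        raise ValueError(f"login {login!r} already exists in {role}")
    store[role][login] = email

def create_account_fixed(store: dict, role: str, login: str, email: str) -> None:
    # Hardened behaviour: the normalized e-mail must be unique across every role,
    # not just within the role being created.
    if login in store[role]:
        raise ValueError(f"login {login!r} already exists in {role}")
    wanted = normalize_email(email)
    for other_role, table in store.items():
        for other_login, other_email in table.items():
            if normalize_email(other_email) == wanted:
                raise DuplicateEmailError(
                    f"{email!r} already used by {other_role} account {other_login!r}")
    store[role][login] = email

def find_duplicate_emails(store: dict) -> dict:
    # Post-upgrade audit: e-mails shared by more than one account, with the
    # (role, login) pairs involved, so existing collisions can be cleaned up.
    seen = defaultdict(list)
    for role, table in store.items():
        for login, email in table.items():
            seen[normalize_email(email)].append((role, login))
    return {e: owners for e, owners in seen.items() if len(owners) > 1}

if __name__ == "__main__":
    store = new_store()
    create_account_vulnerable(store, "admin", "root", "admin@example.org")
    create_account_vulnerable(store, "customer", "cust1", "Admin@Example.org")  # accepted
    print(find_duplicate_emails(store))  # reports the collision
```

In a real deployment the application-level check should be backed by a unique index on the normalized e-mail column, since two concurrent registrations could otherwise both pass the check before either row is written.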
Details
- CWE(s)