Cyber Resilience

CVE-2025-45777

Critical · Public PoC

Published: 25 July 2025
Modified: 10 October 2025
KEV Added: not listed
Patch: none referenced
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0035 (58.1st percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-45777 is a critical-severity Improper Authentication (CWE-287) vulnerability in Abeltechsoft Chavara Matrimony. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 41.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and IA-8 (Identification and Authentication (Non-organizational Users)).

Deeper analysis

CVE-2025-45777, published on 2025-07-25, is a critical authentication bypass vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the OTP mechanism in Chavara Family Welfare Centre Chavara Matrimony Site v2.0. The flaw, tied to CWE-287 (Improper Authentication), enables attackers to circumvent authentication controls by submitting a crafted request.

Remote attackers require no privileges, user interaction, or special conditions beyond network access to exploit this issue with low complexity. Successful exploitation results in high impacts across confidentiality, integrity, and availability, allowing unauthorized access to authenticated functionality on the matrimony site.

Advisories and related resources are available at https://github.com/edwin-0990/CVE_ID/tree/main/CVE-2025-45777, which likely contains proof-of-concept details, and https://www.chavaramatrimony.com/register-free, the affected site's registration endpoint. No specific patch or mitigation steps are outlined in the CVE description.

EU & UK References

Vulnerability details

An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows attackers to bypass authentication by supplying a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes an authentication bypass vulnerability in a public-facing web application (matrimony site) via crafted OTP requests, enabling exploitation of public-facing applications.

CVEs Like This One

CVE-2025-71279 (shared CWE-287)
CVE-2024-13804 (shared CWE-287)
CVE-2024-57046 (shared CWE-287)
CVE-2026-1203 (shared CWE-287)
CVE-2026-1740 (shared CWE-287)
CVE-2025-43995 (shared CWE-287)
CVE-2026-7876 (shared CWE-287)
CVE-2025-0637 (shared CWE-287)
CVE-2025-61882 (shared CWE-287)
CVE-2026-0589 (shared CWE-287)

Affected Assets

Vendor: abeltechsoft
Product: chavara matrimony
Version: 2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

IA-5 (prevent) requires proper management, protection, and verification of authenticators like OTPs, directly preventing bypasses in the OTP mechanism.

IA-8 (prevent) mandates identification and authentication for non-organizational users accessing public sites, comprehensively addressing the authentication bypass vulnerability.

SI-10 (prevent) enforces validation of all inputs, blocking crafted requests that circumvent the OTP authentication process.

References