CVE-2025-50433

Critical · Public PoC

Published: 26 November 2025

Modified: 29 December 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (28.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50433 is a critical-severity Weak Password Recovery Mechanism for Forgotten Password (CWE-640) vulnerability in Monnit Imonnit. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 28.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and AC-2 (Account Management).

Deeper analysis

CVE-2025-50433, published on 2025-11-26, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the imonnit.com web application, discovered on 2025-04-24. Classified under CWE-640 (weak password recovery mechanism for forgotten passwords), it enables malicious actors to gain escalated privileges through a crafted password reset process, resulting in the takeover of arbitrary user accounts.

The vulnerability is exploitable by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact compromise of confidentiality, integrity, and availability, specifically by seizing control of any targeted user account on the platform.

Advisories providing further details on the issue, including potential mitigations and patches, are referenced at http://imonnitcom.com, http://monnit.com, https://github.com/0xMandor/imonnit-ato-advisory/blob/main/CVE-2025-50433.md, and https://youtu.be/-BqcdwHgMMA. Security practitioners should review these sources for vendor-recommended remediation steps.

Vulnerability details

An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.

CWE(s)

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 · Exploitation for Privilege Escalation · Tactic: Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1078.004 · Cloud Accounts · Tactic: Stealth
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1190 · Exploit Public-Facing Application · Tactic: Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1586.003 · Cloud Accounts · Tactic: Resource Development
Adversaries may compromise cloud accounts that can be used during targeting.

Why these techniques?

A vulnerability in the public-facing web application (imonnit.com) enables account takeover via a crafted password reset, facilitating privilege escalation and the compromise and use of valid cloud accounts.

CVEs Like This One

CVE-2025-63314 (Shared CWE-640)
CVE-2026-29199 (Shared CWE-640)
CVE-2026-40585 (Shared CWE-640)
CVE-2020-37172 (Shared CWE-640)
CVE-2026-1325 (Shared CWE-640)
CVE-2022-50910 (Shared CWE-640)
CVE-2026-42606 (Shared CWE-640)
CVE-2026-25858 (Shared CWE-640)
CVE-2026-30459 (Shared CWE-640)
CVE-2026-2895 (Shared CWE-640)

Affected Assets

monnit · imonnit · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: IA-5 mandates secure management and resetting of authenticators, directly addressing weak password recovery mechanisms that enable arbitrary account takeovers.

Prevent: AC-2 establishes processes for account creation, modification, and review, helping to secure password reset workflows and prevent unauthorized privilege escalation.

Prevent: SI-10 requires validation of information inputs, mitigating crafted requests in the password reset process that lead to account compromise.
