Cyber Resilience

CVE-2025-57434

HighPublic PoC

Published: 22 September 2025

Published
22 September 2025
Modified
14 October 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0009 26.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-57434 is a high-severity Improper Authentication (CWE-287) vulnerability in Creacast Creabox Manager. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The authentication bypass flaw enables unauthorized access using a predictable default-like credential (username 'creabox', password prefix 'creacast'), mapping to T1078.001 (Default Accounts). It also constitutes exploitation of a remote service vulnerability for access, mapping to T1210.

Affected Assets

creacast
creabox manager
4.4.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287 CWE-798

Detects unauthorized successful logons resulting from improper authentication implementations.

addresses: CWE-287 CWE-798

Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.

addresses: CWE-287 CWE-798

Documented IA policy and procedures require proper authentication mechanisms to be defined and followed, reducing improper authentication.

addresses: CWE-287 CWE-798

Identity providers centralize and enforce authentication mechanisms, reducing improper authentication.

addresses: CWE-798 CWE-287

Central credential stores and rotation policies remove the need for hard-coded credentials in configuration files or code.

addresses: CWE-287 CWE-798

Hunting detects anomalous authentication patterns or successful bypasses that allow persistent unauthorized entry.

addresses: CWE-287 CWE-798

Requiring explicit security roles and risk integration in the SDLC forces authentication mechanisms to be planned, documented, and validated instead of omitted or weakly implemented.

addresses: CWE-287

Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.

References