{"id":"CVE-2025-58443","summary":"FOG's authentication bypass leads to full SQL DB dump","details":"FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.","aliases":["GHSA-mvwm-9m2h-87p9"],"modified":"2026-03-14T12:44:18.237065Z","published":"2025-09-06T20:04:25.442Z","database_specific":{"cwe_ids":["CWE-287","CWE-306"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58443.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58443.json"},{"type":"ADVISORY","url":"https://github.com/FOGProject/fogproject/security/advisories/GHSA-mvwm-9m2h-87p9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58443"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fogproject/fogproject","events":[{"introduced":"0"},{"last_affected":"8af159d791d347fa2fbc6eae7501b54dd5e99e0c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.10.1673"}]}}],"versions":["1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.5.10.1565","1.5.10.1566","1.5.10.1593","1.5.10.1615","1.5.10.1622","1.5.10.1629","1.5.10.1634","1.5.10.1639","1.5.10.1650","1.5.10.1655","1.5.10.1660","1.5.10.1667","1.5.10.1673","1.5.10.41","1.5.10.48","1.5.10.74"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58443.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"}]}