Perceptive Security
SOC/SIEM Consultancy
MAXHUB Pivot
Published:
4 December 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov
CISA advisory for CVE-2025-53704 affecting MAXHUB Pivot client application versions prior to v1.36.2. The vulnerability involves a weak password recovery mechanism that could allow attackers to request password resets and gain unauthorized access to accounts. The flaw has a CVSS v4 score of 8.7 and is exploitable remotely with low attack complexity. MAXHUB recommends upgrading to v1.36.2 or newer to address the issue. The vulnerability was reported by Malik MAKKES of Abicom Groupe OCI and affects installations worldwide in the Information Technology sector.
Technical details
Mitigation steps:
Affected products:
MAXHUB Pivot
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-02
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/640.html
https://www.cve.org/CVERecord?id=CVE-2025-53704
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
https://www.maxhub.com/en/support/
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.