


Perceptive Security
SOC/SIEM Consultancy

MAXHUB Pivot
Published:
4 December 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov

CISA advisory for CVE-2025-53704 affecting MAXHUB Pivot client application versions prior to v1.36.2. The vulnerability involves a weak password recovery mechanism that could allow attackers to request password resets and gain unauthorized access to accounts. The flaw has a CVSS v4 score of 8.7 and is exploitable remotely with low attack complexity. MAXHUB recommends upgrading to v1.36.2 or newer to address the issue. The vulnerability was reported by Malik MAKKES of Abicom Groupe OCI and affects installations worldwide in the Information Technology sector.
Technical details
Mitigation steps:
Affected products:
MAXHUB Pivot
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-02
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/640.html
https://www.cve.org/CVERecord?id=CVE-2025-53704
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
https://www.maxhub.com/en/support/
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.