CVE-2025-11322

LOW

Mangati NovoSGA <2.2.12 - Info Disclosure

Title source: llm

Description

A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.327203

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.327203

[Permissions Required, VDB Entry] https://vuldb.com/?submit.664517

[Various Sources] https://github.com/marcelomulder/CVE/blob/main/NovoSga/CVE-2025-11322.md

[Various Sources] https://github.com/marcelomulder/CVE/blob/main/NovoSga/Weak%20Password%20Policy%20in%20Novosga.md

Scores

CVSS v3 3.7

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-521

Status published

Products (14)

Mangati/NovoSGA 2.2.0

Mangati/NovoSGA 2.2.1

Mangati/NovoSGA 2.2.10

Mangati/NovoSGA 2.2.11

Mangati/NovoSGA 2.2.12

Mangati/NovoSGA 2.2.2

Mangati/NovoSGA 2.2.3

Mangati/NovoSGA 2.2.4

Mangati/NovoSGA 2.2.5

Mangati/NovoSGA 2.2.6

... and 4 more

Published Oct 06, 2025

Tracked Since Feb 18, 2026