CVE-2025-4528

MEDIUM

Dgitro NGC Explorer < 3.44.15 - Insufficient Session Expiration

Title source: llm

Description

A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

References (8)

Core 8

Core References

Third Party Advisory, VDB Entry vdb-entry

https://vuldb.com/?id.308273

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.308273

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.565309

Vdb Entry, Technical Description vdb-entry technical-description

VDB-308273 | Dígitro NGC Explorer session expiration

https://vuldb.com/vuln/308273

Signature, Permissions Required signature permissions-required

VDB-308273 | CTI Indicators (IOB, IOC)

https://vuldb.com/vuln/308273/cti

Third Party Advisory third-party-advisory

Submit #565309 | Dígitro NGC Explorer 3.44.15 Improper session token expiration

https://vuldb.com/submit/565309

Patch patch

https://digitro.com/recomendacao-10-2026-ctir-gov/

Scores

CVSS v3 4.3

EPSS 0.0033

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-613

Status published

Products (40)

digitro/ngc_explorer < 3.44.15

Dígitro/NGC Explorer 3.44.0

Dígitro/NGC Explorer 3.44.1

Dígitro/NGC Explorer 3.44.10

Dígitro/NGC Explorer 3.44.11

Dígitro/NGC Explorer 3.44.12

Dígitro/NGC Explorer 3.44.13

Dígitro/NGC Explorer 3.44.14

Dígitro/NGC Explorer 3.44.15

Dígitro/NGC Explorer 3.44.2

... and 30 more

Published May 11, 2025

Tracked Since Feb 18, 2026