CVE-2025-50433

CRITICAL

imonnit - Account Takeover via Weak Password Recovery Mechanism

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50433, a PoC published by 0xMandor.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-50433, an authentication bypass vulnerability in Monnit Cloud Platforms. The vulnerability allows attackers to perform account takeovers by exploiting improper validation of password reset tokens.

Description

An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via a crafted password reset request and take over arbitrary user accounts.

Exploits (1)

nomisec WRITEUP
by 0xMandor · poc
https://github.com/0xMandor/CVE-2025-50433

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Monnit Cloud Platforms (*.imonnit.com)
No auth needed
Prerequisites: Valid password reset token issued for the attacker's own account
devstral-2 · analyzed Feb 19, 2026
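The description and the exploit entry's prerequisite (a valid reset token for the attacker's own account) describe the classic CWE-640 failure: the server confirms that a reset token is one it issued, but not that it was issued for the account whose password is being changed. The following is an added example written for this page, not Monnit's code and not the PoC from the linked repository; the class names, token format, storage layout and user accounts are all assumed for illustration. It places a minimal vulnerable reset flow beside a hardened one that binds the token to the account, stores only its hash, expires it and makes it single-use.

```python
"""Illustrative password-reset flows (added example, not Monnit's code).

VulnerableResetService reproduces the weakness class the entry describes:
a token issued for the attacker's own account is accepted for any username.
HardenedResetService shows the checks that close it.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


def hash_password(password: str) -> str:
    # Illustrative only; a real system uses a slow KDF (argon2, bcrypt, scrypt).
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class User:
    username: str
    password_hash: str


class VulnerableResetService:
    """Issues a random token but never records which account it belongs to.
    complete_reset() then trusts the client-supplied username, so any token the
    server issued (e.g. one requested for the attacker's account) resets any user."""

    def __init__(self, users: Dict[str, User]):
        self.users = users
        self.valid_tokens = set()  # token -> nothing: no owner, no expiry

    def request_reset(self, username: str) -> str:
        token = secrets.token_urlsafe(32)
        self.valid_tokens.add(token)  # `username` is discarded here: the bug
        return token

    def complete_reset(self, token: str, username: str, new_password: str) -> bool:
        if token not in self.valid_tokens:  # only asks "did we issue this token?"
            return False
        self.users[username].password_hash = hash_password(new_password)
        return True


class HardenedResetService:
    """Token is bound to the account it was issued for, stored only as a hash,
    expires after TTL_SECONDS, is consumed on first use, and the account that
    gets reset is the token's owner, never a free-form field in the request."""

    TTL_SECONDS = 15 * 60

    def __init__(self, users: Dict[str, User], clock: Callable[[], float] = time.time):
        self.users = users
        self.clock = clock  # injectable so expiry can be exercised deterministically
        self.records: Dict[str, Tuple[str, float]] = {}  # sha256(token) -> (owner, expiry)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, username: str) -> Optional[str]:
        if username not in self.users:
            return None  # the HTTP layer should still answer identically (no enumeration)
        token = secrets.token_urlsafe(32)
        self.records[self._digest(token)] = (username, self.clock() + self.TTL_SECONDS)
        return token  # the raw token goes only to the user's email; we keep the hash

    def complete_reset(self, token: str, username: str, new_password: str) -> bool:
        # pop() makes the token single-use even if a later check fails.
        record = self.records.pop(self._digest(token), None)
        if record is None:
            return False
        owner, expiry = record
        if self.clock() > expiry:
            return False
        # The token must have been issued for the account being reset.
        if not hmac.compare_digest(owner.encode(), username.encode()):
            return False
        self.users[owner].password_hash = hash_password(new_password)
        return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: attacker requests a reset for their own account,
    then replays the token against 'victim' on both services."""
    results = {}
    for name, cls in (("vulnerable", VulnerableResetService), ("hardened", HardenedResetService)):
        users = {u: User(u, hash_password("original-" + u)) for u in ("attacker", "victim")}
        svc = cls(users)
        token = svc.request_reset("attacker")
        results[name] = svc.complete_reset(token, "victim", "attacker-chosen")
    return results


if __name__ == "__main__":
    print(demo())  # the vulnerable service returns True, the hardened one False
```

The decisive difference is a single line: the hardened service derives the account from the token record and compares it to the requested username, while the vulnerable one uses the request's username directly. Hashing the stored token means a leaked reset table cannot be replayed, and consuming the record on first use means a token cannot be tried against several accounts in turn.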

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 34.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
Status published
Products (1)
monnit/imonnit (2 CPE variants)
Published Nov 26, 2025
Tracked Since Feb 18, 2026