CVE-2025-57434

HIGH

Creacast Creabox Manager - Authentication Bypass

Description

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is "creabox" and the password begins with the string "creacast", regardless of what follows.

Scores

CVSS v3: 8.8
EPSS: 0.0008
EPSS Percentile: 23.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-287, CWE-798
Status: published
Products (1): creacast/creabox_manager 4.4.4
Published: Sep 22, 2025
Tracked Since: Feb 18, 2026