CVE-2025-57434
HIGH
Creacast Creabox Manager - Authentication Bypass
Title source: ruleDescription
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
Scores
CVSS v3: 8.8
EPSS: 0.0009
EPSS Percentile: 26.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Classification
CWE: CWE-287, CWE-798
Status: published
Affected Products (1)
creacast/creabox_manager
Timeline
Published: Sep 22, 2025
Tracked Since: Feb 18, 2026