CVE-2025-24899

reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99	Patch
https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:*

History

13 May 2025, 19:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:yogeshojha:rengine::::::::
CWE		NVD-CWE-noinfo
First Time		Yogeshojha Yogeshojha rengine
Summary		(es) reNgine es un framework de reconocimiento automatizado para aplicaciones web. Se descubrió una vulnerabilidad en reNgine, donde un atacante interno con cualquier rol (como Auditor, Penetration Tester o Sys Admin) puede extraer información confidencial de otros usuarios de reNgine. Después de ejecutar un análisis y obtener vulnerabilidades de un objetivo, el atacante puede recuperar detalles como `nombre de usuario`, `contraseña`, `correo electrónico`, `rol`, `nombre`, `apellido`, `estado` e `información de actividad` al realizar una solicitud GET a `/api/listVulnerability/`. Este problema se ha solucionado en la versión 2.2.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
References	~~() https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99 -~~	() https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99 - Patch
References	~~() https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38 -~~	() https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38 - Exploit, Vendor Advisory

03 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-03 21:15

Updated : 2025-05-13 19:23

NVD link : CVE-2025-24899

Mitre link : CVE-2025-24899

CVE.ORG link : CVE-2025-24899

JSON object : View

Products Affected

yogeshojha

rengine

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

7.5 /10