CVE-2025-48746

Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.netwrix.com/t/adv-2025-014-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/13951	Vendor Advisory
https://netwrix.com	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netwrix:directory_manager::::::::
	cpe:2.3:a:netwrix:directory_manager::::::::

History

24 Jun 2025, 18:40

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netwrix:directory_manager::::::::
First Time		Netwrix directory Manager Netwrix
References	~~() https://community.netwrix.com/t/adv-2025-014-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/13951 -~~	() https://community.netwrix.com/t/adv-2025-014-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/13951 - Vendor Advisory
References	~~() https://netwrix.com -~~	() https://netwrix.com - Product

30 May 2025, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
Summary		(es) Netwrix Directory Manager (anteriormente Imanami GroupID) v.11.0.0.0 y anteriores, así como también después de v.11.1.25134.03, carece de autenticación para una función crítica.
CWE		CWE-287

28 May 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-28 17:15

Updated : 2025-06-24 18:40

NVD link : CVE-2025-48746

Mitre link : CVE-2025-48746

CVE.ORG link : CVE-2025-48746

JSON object : View

Products Affected

netwrix

directory_manager

CWE

CWE-287

Improper Authentication

6.5 /10