CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1887: SMB forced authentication vulnerability in Sage 200 Spain

7.1 CVSS

Description

SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.

Classification

CVE ID: CVE-2025-1887

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-294 Authentication Bypass by Capture-replay

Affected Products

Vendor: Sage

Product: Sage 200 Spain

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.71% (scored less or equal to compared to others)

EPSS Date: 2025-04-05 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1887
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sage-200-spain

Timeline

2025-03-07 11:40:18 UTC
CVE

SMB forced authentication vulnerability in Sage 200 Spain