Vulnerability Details CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2025-58443
-
cpe:2.3:a:fogproject:fogproject:-
-
cpe:2.3:a:fogproject:fogproject:1.3.0
-
cpe:2.3:a:fogproject:fogproject:1.3.1
-
cpe:2.3:a:fogproject:fogproject:1.3.2
-
cpe:2.3:a:fogproject:fogproject:1.3.3
-
cpe:2.3:a:fogproject:fogproject:1.3.4
-
cpe:2.3:a:fogproject:fogproject:1.3.5
-
cpe:2.3:a:fogproject:fogproject:1.4.0
-
cpe:2.3:a:fogproject:fogproject:1.4.1
-
cpe:2.3:a:fogproject:fogproject:1.4.2
-
cpe:2.3:a:fogproject:fogproject:1.4.3
-
cpe:2.3:a:fogproject:fogproject:1.4.4
-
cpe:2.3:a:fogproject:fogproject:1.5.0
-
cpe:2.3:a:fogproject:fogproject:1.5.1
-
cpe:2.3:a:fogproject:fogproject:1.5.10
-
cpe:2.3:a:fogproject:fogproject:1.5.10.15
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1565
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1566
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1593
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1615
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1622
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1629
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1634
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1639
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1650
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1655
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1660
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1667
-
cpe:2.3:a:fogproject:fogproject:1.5.10.1673
-
cpe:2.3:a:fogproject:fogproject:1.5.10.30
-
cpe:2.3:a:fogproject:fogproject:1.5.10.41
-
cpe:2.3:a:fogproject:fogproject:1.5.10.41.2
-
cpe:2.3:a:fogproject:fogproject:1.5.10.41.3
-
cpe:2.3:a:fogproject:fogproject:1.5.10.47
-
cpe:2.3:a:fogproject:fogproject:1.5.10.74
-
cpe:2.3:a:fogproject:fogproject:1.5.2
-
cpe:2.3:a:fogproject:fogproject:1.5.3
-
cpe:2.3:a:fogproject:fogproject:1.5.4
-
cpe:2.3:a:fogproject:fogproject:1.5.5
-
cpe:2.3:a:fogproject:fogproject:1.5.6
-
cpe:2.3:a:fogproject:fogproject:1.5.7
-
cpe:2.3:a:fogproject:fogproject:1.5.8
-
cpe:2.3:a:fogproject:fogproject:1.5.9