CVE-2025-44040

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
orangehrmorangehrm
5.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hexomedin3/advisories/tree/main/CVE-2025-44040
https://github.com/orangehrm/orangehrm/releases/tag/v5.7