CVE-2025-4638906.08.2025, 11:15CWE-620: Unverified Password ChangeEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.5 MEDIUMNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NINCDCNA6.5 MEDIUMNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NCISA-ADPADP------Awaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 6%Common Weakness EnumerationCWE-620 - Unverified Password ChangeWhen setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.Referenceshttps://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0