BioStar 2 Password Reset Allows New Password Without Old One

CVE-2025-41257
Summary

BioStar 2 lets a user set a new password without supplying the current one. On its own this is a weakness in the password-change flow; combined with other vulnerabilities in the system, it can lead to unauthorized account access. To protect your system, update to the latest version of BioStar 2.

Original title
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account...
Original description
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set a new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
nvd CVSS3.1 4.8
Vulnerability type
CWE-20 Improper Input Validation
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026