CVE-2026-25803 — AI Deep Analysis Summary

🚨 **Essence**: 3DP-MANAGER has a critical trust management flaw. 📉 **Consequences**: Attackers gain **full administrative control** immediately upon installation. It’s a 'backdoor' by design.

🛡️ **Root Cause**: **CWE-798** (Use of Hard-coded Credentials). 🐛 **Flaw**: The system auto-creates an admin account with **known default credentials** during the first initialization. No randomization.

👥 **Affected**: **3DP-MANAGER** by **denpiligrim**. 📦 **Versions**: **2.0.1 and earlier**. If you are running this proxy tool, you are at risk.

💀 **Hacker Actions**: Complete takeover. 📂 **Privileges**: Full admin rights. 📊 **Data**: Total access to all managed proxies and configurations. No barriers.

📉 **Threshold**: **LOW**. 🚪 **Auth**: None required (PR:N). 🌐 **Access**: Network accessible (AV:N). 🖱️ **UI**: No user interaction needed (UI:N). It’s an open door.

🧪 **Public Exp?**: **No**. The `pocs` list is empty. 📢 **Wild Exp**: Unlikely to be widespread yet, but the vulnerability is trivial to exploit manually.

🔍 **Self-Check**: 1. Check version (≤2.0.1). 2. Look for default admin login prompts. 3. Scan for the specific default credentials if documented. 📝 **Note**: Default creds are the key indicator.

✅ **Fixed?**: **Yes**. 📅 **Date**: Published 2026-02-06. 🔗 **Patch**: See GitHub Advisory (GHSA-5x57-h7cw-9jmw) and Commit f568de4. Update immediately!

🚧 **No Patch?**: **Isolate** the service. 🚫 **Block** external network access to the management port. 🔄 **Change** credentials if possible (though hard-coded defaults may persist in old builds).

🔥 **Urgency**: **CRITICAL**. 🚨 **Priority**: **P0**. CVSS Score is **9.1** (High). Fix this NOW. Do not ignore default credential flaws in admin panels.