CVE-2025-27408— Manifest Uses a One-Way Hash without a Salt

CVSS 4.8 · Medium EPSS 0.06% · P18 Updated Mar 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-27408

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Manifest Uses a One-Way Hash without a Salt

Source: NVD (National Vulnerability Database)

Vulnerability Description

Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process. Version 4.9.2 fixes the issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用未加Salt的单向哈希算法

Source: NVD (National Vulnerability Database)

Vulnerability Title

Manifest 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Manifest是Manifest开源的一个文件后端程序。 Manifest 4.9.1之前版本存在安全漏洞，该漏洞源于使用无盐的SHA3哈希算法，增加密码被破解的风险。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
mnfst	manifest	< 4.9.2	-

II. Public POCs for CVE-2025-27408

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-27408

请登录查看更多情报信息。

Use of a One-Way Hash without a Salt in manifest · Advisory · mnfst/manifest · GitHubx_refsource_CONFIRM
Merge commit from fork · mnfst/manifest@3ed6f13 · GitHubx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-27408

IV. Related Vulnerabilities

Same weakness: CWE-759

V. Comments for CVE-2025-27408

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-27408— Manifest Uses a One-Way Hash without a Salt

I. Basic Information for CVE-2025-27408

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-27408

III. Intelligence Information for CVE-2025-27408

IV. Related Vulnerabilities

V. Comments for CVE-2025-27408

Leave a comment