CVE-2025-56449

EPSS 0.06% · P19 Updated Oct 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-56449

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform administrative actions. In particular, the default admin account was found to be locked out via the web interface but still usable through the REST API. This allowed creation of a new privileged user, bypassing MFA protections. This undermines the intended security posture of MFA enforcement.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Obsidian Scheduler 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Obsidian Scheduler是美国Obsidian公司的一个企业级任务调度器。 Obsidian Scheduler 5.0.0版本至6.3.0版本存在安全漏洞，该漏洞源于账户锁定后仍允许通过Basic Authentication进行身份验证，可能导致绕过MFA保护并创建特权用户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-56449

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-56449

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-09-29 · 15 CVEs total

CVE-2025-55795		OpenML Frontend 安全漏洞
CVE-2025-56807		FairSketch RISE Ultimate Project Manager 安全漏洞
CVE-2025-56233		OpenIndiana 安全漏洞
CVE-2025-56234		Atekon AT_NA2000 安全漏洞
CVE-2025-56795		Mealie 安全漏洞
CVE-2025-57483		TawkTo Widget 安全漏洞
CVE-2025-57428		Italy Wireless WIRELESS-N 300M 安全漏洞
CVE-2025-57197		Payeer Application 安全漏洞
CVE-2025-57516		PublicCMS 安全漏洞
CVE-2025-51495		Mongoose 安全漏洞
CVE-2024-57412		OmniOs 安全漏洞
CVE-2025-57424		MyCourts 安全漏洞
CVE-2025-56764		Trivision NC-227WF 安全漏洞
CVE-2025-57266		ThriveX-Blog 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-56449

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-56449

I. Basic Information for CVE-2025-56449

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-56449

III. Intelligence Information for CVE-2025-56449

Same Patch Batch · n/a · 2025-09-29 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-56449

Leave a comment