Home > Vulnerability Database > CVE-2025-58156

Mend.io Vulnerability Database

CVE-2025-58156

Good to know:

Date: August 29, 2025

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed authentication token as viewable. This issue has been patched in version 1.21.0. A workaround for this is not deemed viable as it would involve disabling token authentication. Users are encouraged to remove any authentication token that was created by one of the effected versions of Centurion ERP. Webmasters can ensure this occurs by removing all authentication tokens from the database.

Severity Score

1.9

Related Resources (5)

Url: https://github.com/nofusscomputing/centurion_erp/pull/974

Url: https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-x75j-cm35-5qcg

Url: https://github.com/nofusscomputing/centurion_erp/commit/332eb1075ad828e5c4c24caeaf5605259eb7ce34

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58156

Url: https://www.mend.io/vulnerability-database/CVE-2025-58156

Severity Score

1.9

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version https://github.com/nofusscomputing/centurion_erp.git - 1.21.0

Learn More

CVSS v3.1

Base Score:	1.9
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58156

Good to know:

Date: August 29, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?