Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.clickstudios.com.au/passwordstate-changelog.aspx cve-icon
https://www.clickstudios.com.au/security/advisories/ cve-icon
History

Tue, 16 Sep 2025 03:45:00 +0000

Type Values Removed Values Added
Description Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
Weaknesses CWE-669
References
Metrics cvssV3_1

{'score': 3.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-16T03:40:35.594Z

Reserved: 2025-09-16T00:00:00.000Z

Link: CVE-2025-59453

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.