CVE-2025-27408
📋 TL;DR
Versions of the Manifest micro back end before 4.9.2 use unsalted SHA3 hashing for passwords, so stored credentials are vulnerable to cracking if an attacker obtains database access. This affects all users of vulnerable Manifest deployments. Because identical passwords produce identical hashes, attackers can more easily crack password hashes and identify reused passwords across accounts.
💻 Affected Systems
- Manifest
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full credential compromise leading to account takeover, lateral movement, and potential data breach if password reuse exists.
Likely Case
Targeted password cracking of specific user accounts after database exfiltration, potentially enabling unauthorized access.
If Mitigated
Limited impact with strong unique passwords and proper access controls, though still vulnerable to rainbow table attacks.
🎯 Exploit Status
Exploitation requires database access first, then standard password cracking techniques apply.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.9.2
Vendor Advisory: https://github.com/mnfst/manifest/security/advisories/GHSA-h8h6-7752-g28c
Restart Required: Yes
Instructions:
1. Back up your Manifest deployment.
2. Update to version 4.9.2 or later.
3. Restart the Manifest service.
4. Force password resets for all users so that new, salted hashes are generated.
🔧 Temporary Workarounds
Force Password Reset
Require all users to change their passwords so that new hashes are generated with the improved algorithm.
🧯 If You Can't Patch
- Implement strict database access controls and monitoring
- Enforce strong password policies and require unique passwords per user
🔍 How to Verify
Check if Vulnerable:
Check Manifest version: if below 4.9.2, it's vulnerable. Review password hashing implementation in source code.
Check Version:
Check package.json or deployment configuration for version number
Verify Fix Applied:
Confirm the version is 4.9.2 or higher and check that password hashing uses a properly salted algorithm.
📡 Detection & Monitoring
Log Indicators:
- Unusual database access patterns
- Failed login attempts with cracked passwords
Network Indicators:
- Unexpected database connections
- Large data exfiltration from database
SIEM Query:
source="database_logs" AND (event="unauthorized_access" OR data_transfer>threshold)