VDB

CVE-2025-11190

CVE-2025-11190 PUBLISHED

The Kiwire Captive Portal, provided by SynchroWeb, is an internet access gateway intended for providing guests internet access where many users will want to connect. Three vulnerabilities were discovered within the product, including SQL injection, open redirection, and cross site scripting (XSS), allowing an attacker multiple vectors to compromise the device. All three of the vulnerabilities have been addressed by the vendor. Customers using the Kiwire Captive Portal are recommended to update to the latest version of the product to remediate the vulnerabilities. The Kiwire Captive Portal is a guest wifi solution that provides users with internet access through a login system. The product is used in various different capacities across different enterprises, including hotels, office systems, and other companies. Three vulnerabilities have been discovered within the product that allow an attacker to compromise the Kiwire Captive Portal database, redirect users to a malicious website, and trigger JavaScript upon visiting the captive portal with the malicious payload appended in the URL. The following is a list of the CVE assignments and their respective vulnerability details: CVE-2025-11188 The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. CVE-2025-11190 The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker-controlled website. CVE-2025-11189 The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for JavaScript execution.

EPSS 0.07% · 21.1th percentile

Risk Scores

EPSS Score
0.07%
21.1th percentile

Timeline

  • Sep 30, 2025 CVE ID Reserved
  • Oct 10, 2025 EPSS Score
  • Oct 10, 2025 Coalition ESS Score
  • Oct 10, 2025 CVE Published
  • Oct 14, 2025 Coalition ESS Score
  • Oct 16, 2025 EPSS Score
  • Oct 16, 2025 Coalition ESS Score
  • Oct 17, 2025 Coalition ESS Score
  • Oct 23, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 3, 2025 Coalition ESS Score
  • Nov 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›