Medium severityNVD Advisory· Published Oct 23, 2025· Updated Apr 15, 2026

CVE-2025-34155

Description

Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can facilitate user enumeration and increase the likelihood of targeted brute-force or credential-stuffing attacks.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aggregate.digital/downloads.htmlnvd
aggregate.digital/products/network-manager.htmlnvd
www.vulncheck.com/advisories/tibbo-aggregate-network-manager-login-functionality-user-enumerationnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000