CVE-2025-58156

LOW
2025-08-29
1.9
CVSS 3.1

CVSS Vector (NVD)

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 19:09 (vuln.today)
Patch Released: Mar 28, 2026 - 19:09 (nvd), patch available
CVE Published: Aug 29, 2025 - 22:15 (nvd), LOW 1.9

Description (NVD)

Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed authentication token as viewable. This issue has been patched in version 1.21.0. A workaround for this is not deemed viable as it would involve disabling token authentication. Users are encouraged to remove any authentication token that was created by one of the affected versions of Centurion ERP. Webmasters can ensure this occurs by removing all authentication tokens from the database.

Analysis (AI)

Centurion ERP is an ERP with a focus on ITSM and automation. This vulnerability is rated low severity (CVSS 1.9) and has low attack complexity.

Technical Context (AI)

This vulnerability is classified under CWE-285. Affected products include: Nofusscomputing Centurion Erp. Version information: before 1.21.0.

Remediation (AI)

A vendor patch is available. Apply the latest security update as soon as possible. Implement network segmentation and monitoring as interim mitigations until the patch is applied.
