View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2025-4558: 1 source package rows (gpm); 7 state rows across 6 repos (3.19-main, 3.20-main, 3.21-main, 3.22-main, 3.23-main, edge-main); fixed 0, open 7.
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.