Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.CreditsJakob Hagl (SBA Research)Marija Radosavljević (SBA Research)Fabian Funder (SBA Research)Referenceshttps://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251104-02_Suprema_BioStar_2_Insecure_Password_Changehttps://www.supremainc.com/en/platform/hybrid-security-platform-biostar-2.asp
