CVE-2025-43863: 
Python vulnerability analysis and mitigation

CVE-2025-43863 affects vantage6, an open source framework designed for privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vulnerability was disclosed on June 12, 2025, and impacts versions prior to 4.11. The issue is classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts) with a CVSS v4.0 score of 1.7 (LOW) (GitHub Advisory, Wiz).

The vulnerability exists in the change password functionality where there is no limit on password attempt tries. The issue is classified with a CVSS v4.0 vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U, indicating a low severity score of 1.7 (Wiz).

If an attacker gains access to an authenticated session, they can attempt to brute-force the user password by repeatedly calling the change password functionality. The system will return a 'wrong password' message until the correct password is found, potentially leading to unauthorized access (GitHub Advisory).

The vulnerability has been fixed in vantage6 version 4.11. No workarounds are available for earlier versions, making upgrading to the patched version the only mitigation option (GitHub Advisory).