ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Hidroelectrica Company CyberSecurity Posture

hidroelectrica.ro
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Hidroelectrica este principalul producător de energie electrică din România, un jucător important în domeniul hidroenergetic în Europa și principalul furnizor de servicii de sistem din România, având un rol important pentru securitatea SEN. Societatea deține și exploatează 182 de centrale hidroelectrice, 5 stații de pompare, un parc eolian cu o putere instalată totală de 108 MW și are o capacitate totală instalată de producere a energiei hidroelectrice de 6,3 GW. Societatea are șapte sucursale hidroelectrice și o sucursală ce administrează parcul eolian Crucea, Porțile de Fier și Vâlcea fiind cele mai importante din punct de vedere al capacităților acestora de producție a energiei și ponderilor în producția de energie totală a Grupului. Societatea s-a angajat să producă energie 100% din surse regenerabile și a jucat, încă de la început, un rol esențial în proiectarea și crearea de concepte tehnologice și operaționale care au devenit standardul în sectorul sau de activitate. Totodată, Hidroelectrica este vânzător angro, precum și furnizor de energie electrică direct către clienții finali, clienți casnici (rezidențiali) și noncasnici (incluzând afaceri din diverse sectoare industriale, cum ar fi construcția de automobile, telecomunicații și construcții etc). Ca producător de energie din sursă hidro și, mai recent, din sursă eoliană, societatea valorifică sinergiile existente între portofoliul de producție și cel de furnizare, dar și cele generate prin diversificarea portofoliului de producție către alte surse regenerabile, cum ar fi energia eoliană și solară prin mixarea acestora cu sursa hidro. Începând cu data de 12 iulie 2023, societatea este listată la Bursa de Valori București, la sfârșitul lunii octombrie 2023, Hidroelectrica ocupând locul 1 în top tranzacționare la BVB, cu o valoare de 2,8 miliarde RON.

Hidroelectrica A.I CyberSecurity Scoring

Hidroelectrica

Company Details

Linkedin ID:

hidroelectrica-s-a

Website:

https://www.hidroelectrica.ro/

Employees number:

615

Number of followers:

11,802

NAICS:

22

Industry Type:

Utilities

Homepage:

hidroelectrica.ro

IP Addresses:

0

Company ID:

HID_1628203

Scan Status:

In-progress

AI scoreHidroelectrica Risk Score (AI oriented)

Between 700 and 749

https://images.rankiteo.com/companyimages/hidroelectrica-s-a.jpeg
Hidroelectrica Utilities
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreHidroelectrica Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/hidroelectrica-s-a.jpeg
Hidroelectrica Utilities
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Hidroelectrica Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
EntityTypeSeverityImpactSeenBlog DetailsSupply Chain SourceIncident DetailsView
Oltenia Energy Complex, Administrația Națională Apele Române and Electrica Group: Romanian energy provider hit by Gentlemen ransomware attackRansomware100612/2025NA
COMDIRHID1767023731
Rankiteo Explanation :
Attack threatening the economy of geographical region

Description: **Romania’s Largest Coal Energy Provider Hit by Ransomware Attack** Romania’s largest coal-based energy producer, **Oltenia Energy Complex (Complexul Energetic Oltenia)**, suffered a **ransomware attack** on **December 26**, disrupting its IT infrastructure. The state-owned company, which employs **19,000 people** and supplies **30% of Romania’s electricity**, reported that the incident encrypted files and temporarily disabled critical systems, including **ERP platforms, document management tools, email services, and its website**. While the attack **partially affected operations**, the company confirmed that the **National Energy System remained stable**. IT teams immediately began restoring systems from backups, though the full impact—including potential data theft—is still under assessment. Authorities, including the **National Cyber Security Directorate, Ministry of Energy, and DIICOT (Romania’s cybercrime investigation unit)**, were notified, and a criminal complaint was filed. The attack has been attributed to the **Gentlemen ransomware group**, which emerged in **August 2024** and is known for exploiting compromised credentials and exposed services. The gang typically leaves **README-GENTLEMEN.txt** ransom notes and appends the **.7mtzhh** extension to encrypted files. Though the group has listed nearly **40 victims** on its leak site, Oltenia Energy Complex has not yet appeared, suggesting possible ransom negotiations. This incident follows another recent attack on **Romanian Waters (Administrația Națională Apele Române)**, the country’s water management authority, which disrupted **1,000 systems** across 10 regional offices earlier in December—though core operations remained unaffected. Romania has faced a surge in ransomware attacks, including a **2023 breach of Electrica Group** by the **Lynx gang** and a **February 2024 Backmydata ransomware attack** that forced over **100 hospitals** offline.

Oltenia Energy Complex, Administrația Națională Apele Române and Electrica Group: Romanian energy provider hit by Gentlemen ransomware attack
Ransomware
Severity: 100
Impact: 6
Seen: 12/2025
Blog:
Supply Chain Source: NA
COMDIRHID1767023731
Rankiteo Explanation
Attack threatening the economy of geographical region

Description: **Romania’s Largest Coal Energy Provider Hit by Ransomware Attack** Romania’s largest coal-based energy producer, **Oltenia Energy Complex (Complexul Energetic Oltenia)**, suffered a **ransomware attack** on **December 26**, disrupting its IT infrastructure. The state-owned company, which employs **19,000 people** and supplies **30% of Romania’s electricity**, reported that the incident encrypted files and temporarily disabled critical systems, including **ERP platforms, document management tools, email services, and its website**. While the attack **partially affected operations**, the company confirmed that the **National Energy System remained stable**. IT teams immediately began restoring systems from backups, though the full impact—including potential data theft—is still under assessment. Authorities, including the **National Cyber Security Directorate, Ministry of Energy, and DIICOT (Romania’s cybercrime investigation unit)**, were notified, and a criminal complaint was filed. The attack has been attributed to the **Gentlemen ransomware group**, which emerged in **August 2024** and is known for exploiting compromised credentials and exposed services. The gang typically leaves **README-GENTLEMEN.txt** ransom notes and appends the **.7mtzhh** extension to encrypted files. Though the group has listed nearly **40 victims** on its leak site, Oltenia Energy Complex has not yet appeared, suggesting possible ransom negotiations. This incident follows another recent attack on **Romanian Waters (Administrația Națională Apele Române)**, the country’s water management authority, which disrupted **1,000 systems** across 10 regional offices earlier in December—though core operations remained unaffected. Romania has faced a surge in ransomware attacks, including a **2023 breach of Electrica Group** by the **Lynx gang** and a **February 2024 Backmydata ransomware attack** that forced over **100 hospitals** offline.

Ailogo

Hidroelectrica Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Hidroelectrica

Incidents vs Utilities Industry Average (This Year)

Hidroelectrica has 6.38% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Hidroelectrica has 26.58% more incidents than the average of all companies with at least one recorded incident.

Incident Types Hidroelectrica vs Utilities Industry Avg (This Year)

Hidroelectrica reported 1 incidents this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Hidroelectrica (X = Date, Y = Severity)

Hidroelectrica cyber incidents detection timeline including parent company and subsidiaries

Hidroelectrica Company Subsidiaries

SubsidiaryImage

Hidroelectrica este principalul producător de energie electrică din România, un jucător important în domeniul hidroenergetic în Europa și principalul furnizor de servicii de sistem din România, având un rol important pentru securitatea SEN. Societatea deține și exploatează 182 de centrale hidroelectrice, 5 stații de pompare, un parc eolian cu o putere instalată totală de 108 MW și are o capacitate totală instalată de producere a energiei hidroelectrice de 6,3 GW. Societatea are șapte sucursale hidroelectrice și o sucursală ce administrează parcul eolian Crucea, Porțile de Fier și Vâlcea fiind cele mai importante din punct de vedere al capacităților acestora de producție a energiei și ponderilor în producția de energie totală a Grupului. Societatea s-a angajat să producă energie 100% din surse regenerabile și a jucat, încă de la început, un rol esențial în proiectarea și crearea de concepte tehnologice și operaționale care au devenit standardul în sectorul sau de activitate. Totodată, Hidroelectrica este vânzător angro, precum și furnizor de energie electrică direct către clienții finali, clienți casnici (rezidențiali) și noncasnici (incluzând afaceri din diverse sectoare industriale, cum ar fi construcția de automobile, telecomunicații și construcții etc). Ca producător de energie din sursă hidro și, mai recent, din sursă eoliană, societatea valorifică sinergiile existente între portofoliul de producție și cel de furnizare, dar și cele generate prin diversificarea portofoliului de producție către alte surse regenerabile, cum ar fi energia eoliană și solară prin mixarea acestora cu sursa hidro. Începând cu data de 12 iulie 2023, societatea este listată la Bursa de Valori București, la sfârșitul lunii octombrie 2023, Hidroelectrica ocupând locul 1 în top tranzacționare la BVB, cu o valoare de 2,8 miliarde RON.

similarCompanies

Hidroelectrica Similar Companies

Saudi Electricity Company
se.com.sa

The Saudi Electricity Company was established on the 5th of April in the year 2000, incorporated in accordance with Council of Ministers Mandate No. 169 dated November 30th, 1998, the Saudi Electricity Company was born out of the merger of smaller regional power company in the central, eastern, west

Security Report Compare

NTPC Limited is India’s largest power generation utility with roots planted way back in 1975 to accelerate power development in India. Since then it has established itself as the dominant power major with a presence in the entire value chain of the power generation business. From fossil fuels, it ha

Security Report Compare
ACCIONA
acciona.com

ACCIONA champions a different way of doing business: Business as Unusual, delivering benefits far beyond the corporate realm. Driven by the ambition to leave a positive legacy for society and design a better planet, we lead in developing solutions in renewable energy, sustainable water management,

Security Report Compare

Exelon Corporation (Nasdaq: EXC) is the nation’s largest utility company, serving more than 10 million customers through six fully regulated utilities. We believe that reliable and affordable energy is essential to a brighter, more sustainable future. We are a FORTUNE 250 company operating across

Security Report Compare
Hitachi Energy
hitachienergy.com

Hitachi Energy is a global technology leader in electrification, powering a sustainable energy future with innovative power grid technologies with digital at the core. Over three billion people depend on our technologies to power their daily lives. With over a century in pioneering mission-critical

Security Report Compare
WBSEDCL
wbsedcl.in

The Government of West Bengal has restructured the erstwhile WBSEB into two successor entities, namely West Bengal State Electricity Distribution Company Limited (WBSEDCL) and West Bengal State Electricity Transmission Company Limited (WBSETCL), under the ownership of the State Government. The two C

Security Report Compare
Pacific Gas and Electric Company
pge.com

Pacific Gas and Electric Company, incorporated in California in 1905, is one of the largest combination natural gas and electric utilities in the United States. Based in San Francisco, the company is a subsidiary of PG&E Corporation. There are approximately 20,000 employees who carry out Pacific

Security Report Compare
Joint stock company "Elektroprivreda Srbije"
eps.rs

Joint stock company Elektroprivreda Srbije as the largest company in Serbia represents economic and energy backbone of the country. The main activities of EPS AD are the production, supply and trade of electricity. EPS is owner a the coal mines, thermopower plant and hydropower plant. EPS supplies e

Security Report Compare
Adani Group
adani.com

Adani Group is a diversified organisation in India comprising 10 publicly traded companies. It has created a world class transport and utility infrastructure portfolio that has a pan-India presence. Adani Group is headquartered in Ahmedabad, in the state of Gujarat, India. Over the years, Adani Grou

Security Report Compare
newsone

Hidroelectrica CyberSecurity News

March 24, 2022 07:00 AM
Andrei Larion, Hidroelectrica: “We want to implement a DMS system to help streamline the work within the company”

“Digitalization is very important for Hidroelectrica. We have many projects related to improving the customer experience.

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Hidroelectrica CyberSecurity History Information

Official Website of Hidroelectrica

The official website of Hidroelectrica is https://www.hidroelectrica.ro/.

Hidroelectrica’s AI-Generated Cybersecurity Score

According to Rankiteo, Hidroelectrica’s AI-generated cybersecurity score is 708, reflecting their Moderate security posture.

How many security badges does Hidroelectrica’ have ?

According to Rankiteo, Hidroelectrica currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Hidroelectrica have SOC 2 Type 1 certification ?

According to Rankiteo, Hidroelectrica is not certified under SOC 2 Type 1.

Does Hidroelectrica have SOC 2 Type 2 certification ?

According to Rankiteo, Hidroelectrica does not hold a SOC 2 Type 2 certification.

Does Hidroelectrica comply with GDPR ?

According to Rankiteo, Hidroelectrica is not listed as GDPR compliant.

Does Hidroelectrica have PCI DSS certification ?

According to Rankiteo, Hidroelectrica does not currently maintain PCI DSS compliance.

Does Hidroelectrica comply with HIPAA ?

According to Rankiteo, Hidroelectrica is not compliant with HIPAA regulations.

Does Hidroelectrica have ISO 27001 certification ?

According to Rankiteo,Hidroelectrica is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Hidroelectrica

Hidroelectrica operates primarily in the Utilities industry.

Number of Employees at Hidroelectrica

Hidroelectrica employs approximately 615 people worldwide.

Subsidiaries Owned by Hidroelectrica

Hidroelectrica presently has no subsidiaries across any sectors.

Hidroelectrica’s LinkedIn Followers

Hidroelectrica’s official LinkedIn profile has approximately 11,802 followers.

NAICS Classification of Hidroelectrica

Hidroelectrica is classified under the NAICS code 22, which corresponds to Utilities.

Hidroelectrica’s Presence on Crunchbase

No, Hidroelectrica does not have a profile on Crunchbase.

Hidroelectrica’s Presence on LinkedIn

Yes, Hidroelectrica maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/hidroelectrica-s-a.

Cybersecurity Incidents Involving Hidroelectrica

As of December 29, 2025, Rankiteo reports that Hidroelectrica has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Hidroelectrica has an estimated 4,205 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Hidroelectrica ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.

How does Hidroelectrica detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and law enforcement notified with yes, and containment measures with it teams started rebuilding affected systems on new infrastructure using backups, and remediation measures with rebuilding affected systems on new infrastructure, and recovery measures with using existing backups, and communication strategy with public disclosure of incident details..

Incident Details

Can you provide details on each incident ?

Incident : Ransomware

measurementExposure impactImpact

Title: Ransomware Attack on Oltenia Energy Complex

Description: A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania's largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure. Several computer applications became temporarily unavailable, including ERP systems, document management applications, the company's email service, and website. The company's activity was partially affected without jeopardizing the operation of the National Energy System.

Date Detected: 2023-12-26

Type: Ransomware

Attack Vector: Compromised credentials and Internet-exposed services

Threat Actor: Gentlemen ransomware operation

Motivation: Financial gain

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Ransomware.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised credentials and Internet-exposed services.

Impact of the Incidents

What was the impact of each incident ?

Incident : Ransomware COMDIRHID1767023731

Data Compromised: Documents and files encrypted

Systems Affected: ERP systems, document management applications, email service, website

Operational Impact: Partially affected, but National Energy System operation not jeopardized

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Documents and files.

Which entities were affected by each incident ?

Incident : Ransomware COMDIRHID1767023731

Entity Name: Oltenia Energy Complex (Complexul Energetic Oltenia)

Entity Type: Energy Producer

Industry: Energy

Location: Romania

Size: 19,000+ employees

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Ransomware COMDIRHID1767023731

Incident Response Plan Activated: Yes

Law Enforcement Notified: Yes

Containment Measures: IT teams started rebuilding affected systems on new infrastructure using backups

Remediation Measures: Rebuilding affected systems on new infrastructure

Recovery Measures: Using existing backups

Communication Strategy: Public disclosure of incident details

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Ransomware COMDIRHID1767023731

Type of Data Compromised: Documents and files

Data Exfiltration: Under assessment

Data Encryption: Yes (.7mtzhh file extension)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Rebuilding affected systems on new infrastructure.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by it teams started rebuilding affected systems on new infrastructure using backups.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware COMDIRHID1767023731

Ransomware Strain: Gentlemen

Data Encryption: Yes

Data Exfiltration: Under assessment

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Using existing backups.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Ransomware COMDIRHID1767023731

Legal Actions: Criminal complaint filed with DIICOT

Regulatory Notifications: Reported to National Cyber Security Directorate, Ministry of Energy, and other relevant authorities

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Criminal complaint filed with DIICOT.

References

Where can I find more information about each incident ?

Incident : Ransomware COMDIRHID1767023731

Source: Trend Micro

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Trend Micro.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Ransomware COMDIRHID1767023731

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure of incident details.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Ransomware COMDIRHID1767023731

Entry Point: Compromised credentials and Internet-exposed services

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an Gentlemen ransomware operation.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-12-26.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident was Documents and files encrypted.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was IT teams started rebuilding affected systems on new infrastructure using backups.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Documents and files encrypted.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Criminal complaint filed with DIICOT.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is Trend Micro.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised credentials and Internet-exposed services.

cve

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Published
Date
2025-12-28
Updated
Date
2025-12-28
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Published
Date
2025-12-28
Updated
Date
2025-12-28
Risk Information
cvss2
Base: 8.3
Severity: LOW
AV:N/AC:L/Au:M/C:C/I:C/A:C
cvss3
Base: 7.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published
Date
2025-12-28
Updated
Date
2025-12-28
Risk Information
cvss2
Base: 4.0
Severity: LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.

Published
Date
2025-12-28
Updated
Date
2025-12-28
Risk Information
cvss2
Base: 4.3
Severity: LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Published
Date
2025-12-28
Updated
Date
2025-12-28
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=hidroelectrica-s-a' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge