216.73.217.50

CVE-2025-54765

· Published 29/07/2025 00:15 · Modified 29/07/2025 14:15

Labels: CVE-2025-54765 2025-07-29CVE-2025-54765CWE-648bbf0bd87-ece2-41be-b873-96928ee8fab9

Essential information

Published
29/07/2025 00:15
Modified
29/07/2025 14:15
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
bbf0bd87-ece2-41be-b873-96928ee8fab9
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / * cpe:2.3:a:*:*:*:*:*:*:*:*:*:*:*

References