216.73.217.86

CVE-2025-1416

· Published 21/05/2025 13:16 · Modified 21/05/2025 20:24

Labels: CVE-2025-1416 2025-05-21CVE-2025-1416CWE-863[email protected]

Essential information

Published
21/05/2025 13:16
Modified
21/05/2025 20:24
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-1417. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
konsola / proget cpe:2.3:a:konsola:proget:2.17.5:*:*:*:*:*:*:*

References