CVE-2025-1501

Incorrect authorization for traces request/download in CMC before 25.1.0

CVSS 5.3 MEDIUMEPSS 0.2%CWE-863

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 ago 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Nozomi Networks · CMC

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.nozominetworks.com/NN-2025:3-01