CVE-2025-49603
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-06-26
Assigner: MITRE
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49603 is an improper access control vulnerability in the Role-Based Access Control (RBAC) system of Northern.tech Mender Server versions before 3.7.11 and 4.0.1. It allows users with access to certain static device groups to gain unauthorized access to additional devices and groups beyond their permissions via the API. This includes reading information about unauthorized devices and groups, deploying updates to devices outside their authorized groups, and deleting dynamic device groups without proper permissions. Exploitation requires a compromised user session within the organization and is not possible across tenants or by unauthenticated users. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthorized users within your organization to access sensitive device and group information, deploy updates to devices they should not control, and delete dynamic device groups without permission. This could lead to unintended device management actions, potential disruption of device operations, and unauthorized changes to your device fleet. However, if cryptographically signed artifacts are enforced, attackers cannot deploy unsigned or malicious updates but might redeploy previously signed updates. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be done by checking the Mender Server version via the UI or Helm chart to verify whether it is earlier than 3.7.11 or 4.0.1; earlier versions are vulnerable. No specific commands are provided in the resources. For further assistance, users can contact Northern.tech support. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Mender Server to version 3.7.11 or 4.0.1 or later, enforcing the use of cryptographically signed artifacts, employing strong authentication methods such as SAML, SSO, or 2FA, and following the principle of least privilege by limiting admin roles and granting read-only access where appropriate. [1]
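As an added example (not code from BaseFortify or Northern.tech), the version check described in the detection answer above, applied to a constructed inventory of Mender Server version strings: a 3.x server is treated as vulnerable below 3.7.11 and a 4.x server below 4.0.1. The host names, the handling of other major versions, and the function names are assumptions.

```python
"""Branch-aware version check for CVE-2025-49603 (Mender Server RBAC flaw)."""
import re
from typing import Dict, List, Optional, Tuple

# Fixed versions named in the advisory: 3.7.11 on the 3.x line, 4.0.1 on the 4.x line.
FIXED_BY_MAJOR = {3: (3, 7, 11), 4: (4, 0, 1)}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract MAJOR.MINOR.PATCH from strings such as '3.7.10' or 'v4.0.0'.
    Feed it the Mender Server application version (the Helm chart's own
    version number is a different series). Returns None if nothing parses."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the version is before the fix on its release line, False if at or
    after it, None if unparseable. Assumption: lines older than 3.x predate the
    fix entirely; lines newer than 4.x are treated as fixed."""
    v = parse_version(version_text)
    if v is None:
        return None
    if v[0] < 3:
        return True
    if v[0] > 4:
        return False
    return v < FIXED_BY_MAJOR[v[0]]


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts into 'vulnerable', 'fixed' and 'unknown' buckets."""
    out: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, ver in inventory.items():
        status = is_vulnerable(ver)
        key = "unknown" if status is None else ("vulnerable" if status else "fixed")
        out[key].append(host)
    return out


if __name__ == "__main__":
    # Constructed sample inventory: hypothetical host names and version strings.
    sample = {"mender-prod": "3.7.10", "mender-staging": "v3.7.11",
              "mender-lab": "4.0.0", "mender-new": "4.0.1",
              "mender-legacy": "2.7.2", "mender-unknown": "n/a"}
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```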