CVE-2025-1501
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-08-26

Assigner: Nozomi Networks Inc.

Description
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges.Β An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-08-26
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-1501
EUVD
EUVD-2025-27682
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nozomi_networks cmc *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an access control flaw in Nozomi Networks' CMC software versions before 25.1.0. It occurs because the system does not properly enforce access restrictions on the Request Trace and Download Trace features. As a result, authenticated users with limited privileges can request and download trace files they should not have access to, potentially exposing sensitive network data. [1]

Impact Analysis

If exploited, this vulnerability allows users with limited privileges to access and download trace files containing sensitive network information that they are not authorized to see. This unauthorized access could lead to exposure of confidential network data, which might be used for malicious purposes or compromise network security. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, restrict access to the web management interface using internal firewall features. The definitive solution is to upgrade to CMC version 25.1.0 or later. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-1501. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart