CVE-2025-1501
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-08-26
Assigner: Nozomi Networks Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozomi_networks | cmc | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an access control flaw in Nozomi Networks' CMC software versions before 25.1.0. It occurs because the system does not properly enforce access restrictions on the Request Trace and Download Trace features. As a result, authenticated users with limited privileges can request and download trace files they should not have access to, potentially exposing sensitive network data. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows users with limited privileges to access and download trace files containing sensitive network information that they are not authorized to see. This unauthorized access could lead to exposure of confidential network data, which might be used for malicious purposes or compromise network security. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, restrict access to the web management interface using internal firewall features. The definitive solution is to upgrade to CMC version 25.1.0 or later. [1]