CVE-2025-51054
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-10-09
Assigner: MITRE
Description
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vedo_suite_project | vedo_suite | 2024.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Vedo Suite 2024.17 is an Incorrect Access Control issue that allows remote attackers to obtain a valid high privilege JWT token without any prior authentication by sending an empty HTTP POST request to the /autologin/ API endpoint.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain unauthorized high privilege access to the system, potentially allowing them to perform actions or access data that should be restricted, leading to data compromise or unauthorized system control.