CVE-2025-66698
Authentication Bypass in Semantic Machines v5.4.8 APIs
Publication date: 2026-01-13
Last updated on: 2026-02-05
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| semantic_systems_inc | veda | up to 5.4.8 (exclusive) |
| semantic-machines | veda | 5.4.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized access to sensitive information including personally identifiable information (PII) such as full names, photographs, job titles, birth dates, and contact details. This exposure of PII can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal data and protection against unauthorized disclosure. [2]
Can you explain this vulnerability to me?
CVE-2025-66698 is an authentication bypass vulnerability in Semantic Machines Veda version 5.4.8 and likely earlier versions. It occurs because the system improperly validates the 'ticket' parameter, accepting an empty string as a valid session token. This flaw allows attackers to send crafted HTTP requests to various API endpoints and gain unauthorized access without any privileges or user interaction. [2]
How can this vulnerability impact me?
This vulnerability can allow remote attackers to bypass authentication and access sensitive information such as user policies and personally identifiable information (PII) including full names, photographs, job titles, birth dates, and contact details. Attackers can enumerate default users and system accounts, leading to a high confidentiality impact. However, it does not affect data integrity or availability. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP requests with an empty 'ticket' parameter to the affected API endpoints and checking for unauthorized access. Example commands include using curl to test endpoints such as:

```shell
curl -k "https://localhost/get_individual?ticket=&uri=cfg:Administrator"
curl -k "https://localhost/get_membership?ticket=&uri=cfg:SuperUser"
curl -k "https://localhost/is_ticket_valid?ticket="
```

If the last endpoint returns "true" with an empty ticket, it confirms the authentication bypass vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable API endpoints, implementing proper validation to reject empty or invalid 'ticket' parameters, and applying any available patches or updates from the vendor. Additionally, monitoring for suspicious requests with empty tickets and disabling or limiting the use of hardcoded system tickets can reduce risk until a fix is applied. [2]
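The two mitigation points above, a ticket check that rejects empty values and log monitoring for empty-ticket requests, as an added Python example that is not Veda's own code. The ticket format, the session store and the access-log lines are constructed for illustration; only the endpoint names come from the CVE record.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints named in the CVE record that take a 'ticket' query parameter.
TICKET_ENDPOINTS = {"/get_individual", "/get_membership", "/is_ticket_valid"}

# Hypothetical session store: 32 hex characters per ticket (not Veda's real format).
VALID_TICKETS = {"0f1e2d3c4b5a69788796a5b4c3d2e1f0"}
TICKET_FORMAT = re.compile(r"[0-9a-f]{32}")


def ticket_is_valid_vulnerable(ticket, store=VALID_TICKETS):
    """The defect pattern the CVE describes: an empty string passes as a session."""
    if ticket == "":
        return True  # empty ticket short-circuits the check
    return ticket in store


def ticket_is_valid_hardened(ticket, store=VALID_TICKETS):
    """Fail closed: None, empty, whitespace-only or malformed tickets are rejected
    before any lookup, and the ticket must exist in the session store."""
    if not isinstance(ticket, str) or not TICKET_FORMAT.fullmatch(ticket):
        return False
    return ticket in store


# Common Log Format: client, identd, user, [time], "METHOD target PROTO", status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_empty_ticket_requests(lines):
    """Return (client_ip, path, status) for every request to a ticket endpoint whose
    'ticket' parameter is absent or blank. A 200 on such a request is the signal."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path not in TICKET_ENDPOINTS:
            continue
        tickets = parse_qs(parts.query, keep_blank_values=True).get("ticket", [""])
        if all(t.strip() == "" for t in tickets):
            hits.append((m["ip"], parts.path, int(m["status"])))
    return hits


SAMPLE_LOG = [  # constructed sample access-log lines
    '10.0.0.5 - - [13/Jan/2026:10:00:01 +0000] "GET /get_individual?ticket=&uri=cfg:Administrator HTTP/1.1" 200 812',
    '10.0.0.5 - - [13/Jan/2026:10:00:02 +0000] "GET /is_ticket_valid?ticket= HTTP/1.1" 200 4',
    '10.0.0.7 - - [13/Jan/2026:10:00:03 +0000] "GET /get_individual?ticket=0f1e2d3c4b5a69788796a5b4c3d2e1f0&uri=cfg:Administrator HTTP/1.1" 200 812',
    '10.0.0.9 - - [13/Jan/2026:10:00:04 +0000] "GET /static/app.js HTTP/1.1" 200 5120',
]
```

Running `find_empty_ticket_requests(SAMPLE_LOG)` flags the two requests from 10.0.0.5 and ignores the request carrying a well-formed ticket and the static asset.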