CVE-2025-13480
Improper Access Control in Fudo Enterprise Exposes Admin Data
Publication date: 2026-04-20
Last updated on: 2026-04-20
Assigner: CERT.PL
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fudo | enterprise | From 5.5.0 (inclusive) to 5.6.2 (inclusive) |
| fudo | enterprise | 5.6.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Fudo Enterprise versions 5.5.0 through 5.6.2 allows low-privileged users to access administrator-only resources, including sensitive information such as system logs and system configuration settings. Such unauthorized access to sensitive data could compromise compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive and personal data.
Fudo Enterprise is designed to support compliance with regulatory frameworks such as GDPR and HIPAA by providing comprehensive session recording, immutable audit trails, centralized compliance dashboards, and automated compliance reporting. The presence of this vulnerability undermines those compliance features, because improperly protected API endpoints allow access that the product's access controls are supposed to prevent.
The vulnerability has been fixed in version 5.6.3, which includes multiple security improvements and bug fixes addressing such issues, thereby restoring the integrity of the access controls required for regulatory compliance.
Can you explain this vulnerability to me?
This vulnerability affects Fudo Enterprise versions 5.5.0 through 5.6.2. Because certain API endpoints are improperly protected, low-privileged users can access resources that are intended to be available only to administrators.
Specifically, these improperly protected endpoints expose sensitive information such as system logs and parts of the system configuration settings.
The issue has been fixed in version 5.6.3.
How can this vulnerability impact me?
This vulnerability allows low-privileged users to gain access to sensitive, administrator-only information.
Exposure of system logs and configuration settings could result in unauthorized disclosure of sensitive data and information leakage, and could aid an attacker in further compromising the system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Fudo Enterprise to version 5.6.3 or later, in which the issue has been fixed.