CVE-2025-40897
Received Received - Intake
Access Control Bypass in Threat Intelligence Allows Admin Actions

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Nozomi Networks Inc.

Description
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40897
EUVD
EUVD-2025-209469
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nozomi_networks guardian to 26.0.0 (exc)
nozomi_networks cmc to 26.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-40897 is an access control vulnerability in the Threat Intelligence functionality of Guardian and CMC products prior to version 26.0.0.

The issue occurs because a specific access restriction is not properly enforced for users who have view-only privileges.

As a result, authenticated users with only view-only access can perform unauthorized administrative actions, such as modifying rules configurations or affecting the availability of the Threat Intelligence feature.

Impact Analysis

This vulnerability allows users with only view-only privileges to perform administrative actions they should not be authorized to do.

Such unauthorized actions include altering rules configurations and impacting the availability of the Threat Intelligence functionality.

This can lead to potential disruption of security monitoring and threat detection capabilities, increasing the risk of undetected threats or misconfigurations.

Mitigation Strategies

To mitigate the risk of this vulnerability, it is recommended to remove or revoke Threat Intelligence access for users with view-only privileges until the issue is resolved.

The definitive solution is to upgrade the affected Guardian and CMC products to version 26.0.0 or later, where the vulnerability has been addressed.

Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves an access control flaw where authenticated users with view-only privileges can perform unauthorized administrative actions on the Threat Intelligence functionality.

To detect this vulnerability on your system, you should verify if any users with view-only privileges are able to modify rules configurations or affect the availability of the Threat Intelligence feature.

Since the vulnerability is related to improper enforcement of access restrictions, detection involves auditing user actions and permissions within the Guardian or CMC products prior to version 26.0.0.

No specific detection commands are provided in the available resources. However, general steps include:

  • Review user roles and permissions to identify any view-only users with unexpected administrative capabilities.
  • Audit logs for any administrative actions performed by users who should only have view-only access.
  • Check the version of your Guardian or CMC product to confirm if it is prior to 26.0.0, as the vulnerability is fixed in 26.0.0 and later.

For specific commands, consult your product's audit or logging tools to extract user activity related to Threat Intelligence configuration changes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40897. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart