CVE-2025-1102

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 12, 2025

CWE ID 346

Summary

CVE-2025-1102 is a vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. This issue, classified as a CWE-346 "Origin Validation Error," enables unauthenticated attackers to manipulate the device's confidentiality, integrity, and availability through crafted URLs or HTTP requests. The CORS configuration in Q-Free MaxTime lacks proper origin validation, allowing an attacker to bypass access controls and execute malicious actions. This vulnerability poses a significant risk and requires immediate attention for organizations using the affected software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IhERV
https://www.cve.org/CVERecord?id=CVE-2025-1102
https://nvd.nist.gov/vuln/detail/CVE-2025-1102

Back to Vulnerability Database