CVE-2025-25709

Summary

CVE-2025-25709 is a vulnerability affecting dtp.ae tNexus Airport View version 2.8. This issue enables a remote attacker to escalate privileges by exploiting flaws in the addUser and updateUser endpoints. (1) By manipulating these endpoints, an attacker can elevate their access level, potentially gaining administrative control over the system. (2) The vulnerability could result in significant security risks, including unauthorized access to sensitive airport data and the ability to make unauthorized changes. (3) It is crucial for organizations using this software to apply the necessary patches promptly to mitigate this risk. (4) Failure to address this issue could leave airport systems vulnerable to cyber attacks with potentially severe consequences. (5) Users are advised to contact dtp.ae for the latest information on patches and mitigation strategies.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.