CVE-2025-26340
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Feb 12, 2025
CWE ID 321
Summary
CVE-2025-26340 is a vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. The issue is classified as CWE-321, "Use of Hard-coded Cryptographic Key": the key used in the JWT signing process is hard-coded, which allows unauthenticated attackers to bypass the authentication mechanism in Q-Free MaxTime by crafting malicious HTTP requests. This can lead to unauthorized access and data breaches. Upgrading to the latest version is recommended to mitigate this risk.
Affected Products
- Q-Free MaxTime
Affected Vendors
- Nozomi Networks