CVE-2025-26343

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 12, 2025

CWE ID 1390

Summary

CVE-2025-26343 is a newly disclosed vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. This weakness, classified as CWE-1390 "Weak Authentication," allows unauthenticated attackers to launch brute-force attacks on user PINs by sending multiple crafted HTTP requests. The vulnerability can be exploited remotely, making it a significant security risk. Attackers can gain unauthorized access to user accounts and potentially sensitive information. Users are urged to upgrade to the latest version of Q-Free MaxTime to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IhEQ8
https://www.cve.org/CVERecord?id=CVE-2025-26343
https://nvd.nist.gov/vuln/detail/CVE-2025-26343

Back to Vulnerability Database