CVE-2025-26350

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Feb 12, 2025

CWE ID 434

Summary

CVE-2025-26350 is a vulnerability affecting Q-Free MaxTime version 2.11.0 and below. This issue is classified as CWE-434: Unrestricted Upload of File with Dangerous Type. An authenticated attacker can exploit this vulnerability by uploading malicious files through crafted HTTP requests during template file uploads. Successful exploitation may result in arbitrary code execution, leading to potential security compromises. It is recommended that users update their Q-Free MaxTime software to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IhRJR
https://www.cve.org/CVERecord?id=CVE-2025-26350
https://nvd.nist.gov/vuln/detail/CVE-2025-26350

Back to Vulnerability Database