CVE-2025-26357

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Feb 12, 2025

CWE ID 35

Summary

CVE-2025-26357 is a vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. This issue, classified as a CWE-35 "Path Traversal" vulnerability, allows authenticated remote attackers to read sensitive files by crafting malicious HTTP requests. By exploiting this flaw, attackers can potentially gain unauthorized access to critical data, posing a significant security risk. The impacted component is identified as maxtime/api/database/database.lua within the application. Upgrading to the latest version is recommended to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3Ig6g0
https://www.cve.org/CVERecord?id=CVE-2025-26357
https://nvd.nist.gov/vuln/detail/CVE-2025-26357

Back to Vulnerability Database