CVE-2025-26358

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 12, 2025

CWE ID 20

Summary

CVE-2025-26358 is a vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. This issue, classified as CWE-20 "Improper Input Validation," enables authenticated attackers to manipulate system configurations through crafted HTTP requests. By exploiting this flaw, an adversary can make unauthorized changes, potentially leading to significant security consequences. The vulnerability exists in ldbMT.so and allows for remote manipulation, posing a serious threat to affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IhRJW
https://www.cve.org/CVERecord?id=CVE-2025-26358
https://nvd.nist.gov/vuln/detail/CVE-2025-26358

Back to Vulnerability Database