CVE-2025-26365

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 12, 2025

CWE ID 306

Summary

CVE-2025-26365 is a vulnerability affecting Q-Free MaxTime version 2.11.0 and below. It is classified as a CWE-306 issue, where the critical function of enabling front panel authentication is missing authentication. An unauthenticated remote attacker can exploit this vulnerability by sending crafted HTTP requests, enabling front panel authentication without proper authorization. This poses a significant risk for unauthorized access to the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Q-Free Maxtime

Affected Vendors

Nozomi Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IhRJY
https://www.cve.org/CVERecord?id=CVE-2025-26365
https://nvd.nist.gov/vuln/detail/CVE-2025-26365

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners