CVE-2025-26374

Summary

CVE-2025-26374 is a vulnerability affecting Q-Free MaxTime versions 2.11.0 and below. This issue, classified as CWE-862 "Missing Authorization," enables authenticated, low-privileged attackers to enumerate users by making crafted HTTP requests to the users endpoint in maxprofile/users/routes.lua. This vulnerability can potentially lead to unintended information disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.