CVE-2025-26788

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Feb 14, 2025

Updated: Feb 15, 2025

CWE ID 639

Summary

CVE-2025-26788 is a vulnerability affecting StrongKey FIDO Servers prior to version 4.15.1. Despite being configured for non-discoverable transactions in the namedcredential flow, these servers incorrectly process such flows as discoverable transactions. This misconfiguration could potentially allow an attacker to obtain sensitive information, compromising the security of the authentication process. Users are advised to upgrade to version 4.15.1 or contact the vendor for a patch to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3WxTIS
https://www.cve.org/CVERecord?id=CVE-2025-26788
https://nvd.nist.gov/vuln/detail/CVE-2025-26788

Back to Vulnerability Database

CVE-2025-26788

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations