← Back

CVE-2025-1102

nvd nist
Published: Feb 12, 2025Modified: Oct 24, 2025

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.8 / Impact: 5.2
Source: NVD

Description

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.

Affected (1)

Products: Q Free: Maxtime
Q Free
1 product
Maxtime
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Maxtime
Up to 2.11.0

Related CWEs

CWE-346
Origin Validation Error
The product does not properly verify that the source of data or communication is valid.

References (1)

Source: prodsec@nozominetworks.com
Third Party Advisory

Timeline

No history available yet.