CVE-2025-49603

Published: Jun 26, 2025Modified: Jun 26, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://mender.io/blog/cve-2025-49603-improper-access-control-of-device-groups-in-mender-server

Source: cve@mitre.org

https://northern.tech

Source: cve@mitre.org

Timeline

No history available yet.