CVE-2025-1416

HIGH Year: 2025
Weakness Type
CWE-863
View all →

Vulnerability Description

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-1417. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

Related Vulnerabilities

CVE-2020-13300

CRITICAL
CVSS:10.0(Critical)

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

CWE-8632020

CVE-2021-38503

CRITICAL
CVSS:10.0(Critical)

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affec...

CWE-8632021

CVE-2023-22518

CRITICAL
CVSS:10.0(Critical)

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and c...

CWE-8632023

CVE-2023-4617

CRITICAL
CVSS:10.0(Critical)

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "...

CWE-8632023

CVE-2021-26753

CRITICAL
CVSS:9.9(Critical)

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to th...

CWE-8632021

CVE-2024-21010

CRITICAL
CVSS:9.9(Critical)

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easil...

CWE-8632024