How severe is CVE-2025-22961?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2025-22961?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2025-22961 - HIGH Severity | CVSS 8

Vulnerability Description

A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.

Related Vulnerabilities

CVE-2016-1489

HIGH

CVSS:8.0(High)

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network ...

CWE-2002016

CVE-2016-3651

HIGH

CVSS:8.0(High)

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.

CWE-2002016

CVE-2017-5262

HIGH

CVSS:8.0(High)

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.

CWE-2002017

CVE-2018-1240

HIGH

CVSS:8.0(High)

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the...

CWE-2002018

CVE-2018-8209

HIGH

CVSS:8.0(High)

An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclos...

CWE-2002018

CVE-2021-22825

HIGH

CVSS:8.0(High)

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks o...

CWE-2002021