CVE-2025-26372 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Posted by Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Nozomi Q-Free MaxTime up to 2.11.0. Affected by this issue is some unknown functionality of the file maxprofile/user-groups/routes.lua of the component HTTP Handler. The manipulation leads to missing authorization.

This vulnerability is handled as CVE-2025-26372. The attack may be launched remotely. There is no exploit available.

CVE-2025-26372 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

Related Posts

CVE-2021-27017 | PuppetPu Puppet Agent prior 7.4.0 deserialization

CVE-2023-46960 | PyPXE 1.8.4 tftp Module handle buffer overflow

CVE-2024-23454 | Apache Hadoop up to 3.3.x runJar.run temp file (HADOOP-19031)

CVE-2023-6243 | EventON Pro Plugin up to 4.6.8 on WordPress admin_test_email cross-site request forgery