CVE-2025-1418

Summary

A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices).   

This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

Affected Software

VendorProductVersion RangeStatus
ProgetProget0 < 2.17.5affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References