CVE-2025-2407

Summary

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries to unrestricted access via the network. The vulnerability is fixed in Version 1.5.

Affected Software

VendorProductVersion RangeStatus
MobatimeAMX MTAPI0 <= 6affected
MobatimeAMXGT-1000 < 1.5affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function
  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References