CVE-2025-2911

Summary

Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions.

Affected Software

VendorProductVersion RangeStatus
FermaxMeetMe0 < 2024-09affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References