CVE-2025-40897
7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nozomi Networks | Guardian | 0 < 26.0.0 | affected |
| Nozomi Networks | CMC | 0 < 26.0.0 | affected |
Weaknesses
- CWE-863: CWE-863 Incorrect Authorization
Workarounds
Remove or revoke access to Threat Intelligence users with view-only privileges until a fix is applied.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.