CVE-2025-40897

Summary

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksGuardian0 < 26.0.0affected
Nozomi NetworksCMC0 < 26.0.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

Workarounds

Remove or revoke access to Threat Intelligence users with view-only privileges until a fix is applied.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References