How severe is CVE-2025-26339?

CVE-2025-26339 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-26339

Name: maxtime
Author: q-free

9.8CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the devic

Veröffentlicht: 2/12/2025Aktualisiert: 10/24/2025

Beschreibung

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

KI-AnalyseKI-gestützt

Betroffene Produkte

q-freemaxtime

Referenzen

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
Third Party Advisory