How severe is CVE-2025-26339?

CVE-2025-26339 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-26339

Name: maxtime
Author: q-free

9.8CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the devic

Published: 2/12/2025Updated: 10/24/2025

Description

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

AI AnalysisPowered by AI

Affected Products

q-freemaxtime

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
Third Party Advisory