How severe is CVE-2025-26362?

CVE-2025-26362 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-26362

Name: maxtime
Author: q-free

7.5HIGH

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbit

Published: 2/12/2025Updated: 10/28/2025

Description

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests.

AI AnalysisPowered by AI

Affected Products

q-freemaxtime

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26362
Third Party Advisory