How severe is CVE-2025-26339?

CVE-2025-26339 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-26339

Name: maxtime
Author: q-free

9.8CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the devic

公開日: 2/12/2025更新日: 10/24/2025

説明

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

AI分析AIによる分析

影響を受ける製品

q-freemaxtime

参照

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
Third Party Advisory