How severe is CVE-2025-26339?

CVE-2025-26339 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-26339

Name: maxtime
Author: q-free

9.8CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the devic

게시됨: 2/12/2025업데이트됨: 10/24/2025

설명

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

AI 분석AI 기반

영향받는 제품

q-freemaxtime

참조

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
Third Party Advisory