How severe is CVE-2025-26339?

CVE-2025-26339 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-26339

Name: maxtime
Author: q-free

9.8CRITICAL

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the devic

Publicado: 2/12/2025Atualizado: 10/24/2025

Descrição

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

Análise IADesenvolvido por IA

Produtos Afetados

q-freemaxtime

Referências

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339
Third Party Advisory