Description
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests.
INFO
Published Date :
2025-02-12T13:27:47.970Z
Last Modified :
2025-02-17T10:08:18.709Z
Source :
Nozomi
AFFECTED PRODUCTS
The following products are affected by CVE-2025-26347 vulnerability.
| Vendors | Products |
|---|---|
| Q-free |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26347.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact