CVE Vulnerabilities

CVE-2025-2859

Improper Authentication

Published: Mar 28, 2025 | Modified: Apr 04, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Potential Mitigations

References