What the vulnerability does
01Description
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS base score
—
Key dates
02Disclosure timeline
October 14, 2022
CVE published
May 15, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-41736 Information Disclosure vulnerability in SAP Permit to Work
CVE-2025-2883 Accept SagePay Payments Using Contact Form 7 <= 2.0 - Unauthenticated Information Exposure
CVE-2024-8852 All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs
CVE-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
CVE-2020-2022 PAN-OS: Panorama session disclosure during context switch into managed device
