CVE-2025-0556 HIGH

CVE-2025-0556: Telerik Report Server Clear Text Transmission of Agent Commands

Vendor: Progress Software
Product: Telerik Report Server
Weakness: CWE-319 · Cleartext transmission
Published: February 12, 2025
Last update: February 12, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In Progress® Telerik® Report Server versions prior to 2025 Q1 (11.0.25.211), when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and the app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.

Key dates

02 Disclosure timeline

February 12, 2025: CVE published
February 12, 2025: Record updated