CVE-2025-13480 MEDIUM

CVE-2025-13480: Incorrect authorization in Fudo Enterprise

Vendor Fudo Security

Product Fudo Enterprise

Weakness CWE-863 · Incorrect authorization

Published April 20, 2026

Last update April 20, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3

Key dates

02Disclosure timeline

April 20, 2026 CVE published

April 20, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13480 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-48474 FreeScout Vulnerable to Insufficient Authorization CVE-2019-8445 CVE-2026-2386 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' CVE-2024-7604 Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages