CVE-2025-1501 MEDIUM

CVE-2025-1501: Incorrect authorization for traces request/download in CMC before 25.1.0

Vendor Nozomi Networks
Product CMC
Weakness CWE-863 · Incorrect authorization
Published August 26, 2025
Last update August 26, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0: a specific access restriction is not properly enforced for users with limited privileges. As a result, an authenticated user with limited privileges can request and download trace files, potentially exposing network data that the user is not authorized to access.

Key dates

02 Disclosure timeline

August 26, 2025 CVE published
August 26, 2025 Record updated