CVE-2025-62625 MEDIUM

CVE-2025-62625

Weakness CWE-269
Published May 14, 2026
Last update May 14, 2026

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality.

Key dates

02Disclosure timeline

May 14, 2026 CVE published
May 14, 2026 Record updated