CVE-2025-13480

MEDIUM

Incorrect authorization in Fudo Enterprise

Title source: cna

Description

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3

References (3)

Core 3

Core References

Product product

https://www.fudosecurity.com/product/enterprise

Third Party Advisory third-party-advisory

https://cert.pl/en/posts/2026/04/CVE-2025-13480

Release Notes release-notes

https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (2)

Fudo Security/Fudo Enterprise 5.5.0 - 5.6.2

fudosecurity/fudo_enterprise 5.5.0 - 5.6.3

Published Apr 20, 2026

Tracked Since Apr 20, 2026