CVE-2025-1501
MEDIUMNozomi Networks CMC < 25.1.0 - Authenticated Incorrect Authorization in Request Trace and Download Trace
Title source: llmDescription
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.
References (1)
Core 1
Core References
Various Sources
https://security.nozominetworks.com/NN-2025:3-01
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
9.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
Nozomi Networks/CMC
< 25.1.0
Published
Aug 26, 2025
Tracked Since
Feb 18, 2026