Platform: other
Component: maxtime
Fixed in: 2.11.1
CVE-2025-26341 describes a critical vulnerability in Q-Free MaxTime, specifically a missing authentication check for password reset functionality. This allows an unauthenticated remote attacker to manipulate HTTP requests and arbitrarily reset user passwords, potentially granting them unauthorized access to accounts. The vulnerability affects versions 0 through 2.11.0, and a patch is available in version 2.11.1.
The impact of CVE-2025-26341 is severe due to the ease of exploitation and the potential for widespread account compromise. An attacker could leverage this vulnerability to gain full control over user accounts within the MaxTime system. This could lead to unauthorized access to sensitive data, modification of system configurations, and potentially even complete system takeover. The lack of authentication means no prior knowledge of user credentials is required, making it a highly accessible attack vector. Successful exploitation could result in significant operational disruption and reputational damage.
CVE-2025-26341 was publicly disclosed on February 12, 2025. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits. The vulnerability's simplicity and critical severity suggest it may become a target for opportunistic attackers. It is not currently listed on the CISA KEV catalog.
Organizations utilizing Q-Free MaxTime versions 0 through 2.11.0, particularly those with publicly accessible instances or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple users share the same MaxTime instance are also particularly vulnerable.
Disclosure:
Exploit status:
EPSS: 0.99% (77th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-26341 is to immediately upgrade Q-Free MaxTime to version 2.11.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting external access to the password reset endpoint or implementing stricter rate limiting to prevent brute-force attempts. Monitor access logs for suspicious activity, particularly requests to the password reset endpoint. After upgrading, confirm the vulnerability is resolved by attempting a password reset request from an unauthenticated source – it should be rejected.
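To support the log-monitoring workaround above, here is an added example (not code from Q-Free or from this advisory) that scans combined-format access log lines for POSTs to the password reset endpoint, flagging requests from outside a trusted network and bursts of resets from one source. The reset path, the trusted network and the log lines are all assumed placeholders; the advisory does not name the real MaxTime endpoint.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Assumed values: the advisory names neither the real MaxTime reset path nor your
# trusted networks, so both are placeholders to adjust for your deployment.
RESET_PATH = "/api/password/reset"
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BURST_THRESHOLD = 3                  # reset requests from one IP within the window
BURST_WINDOW = timedelta(minutes=5)
# Minimal parser for combined-format access logs: IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path").split("?")[0], "status": int(m.group("status"))}

def find_suspicious_resets(lines):
    """Flag reset requests from outside TRUSTED_NETS and bursts from one source."""
    alerts, per_ip = [], defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != RESET_PATH:
            continue
        if not any(ipaddress.ip_address(rec["ip"]) in net for net in TRUSTED_NETS):
            alerts.append(("untrusted_source", rec["ip"], rec["ts"]))
        per_ip[rec["ip"]].append(rec["ts"])
    for ip, times in per_ip.items():
        times.sort()
        for i in range(len(times)):
            # count reset requests that fall within BURST_WINDOW of times[i]
            n = sum(1 for t in times[i:] if t - times[i] <= BURST_WINDOW)
            if n >= BURST_THRESHOLD:
                alerts.append(("burst", ip, times[i]))
                break
    return alerts

# Constructed sample log lines, not real MaxTime traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [12/Feb/2025:10:00:00 +0000] "POST /api/password/reset HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Feb/2025:10:01:00 +0000] "POST /api/password/reset HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Feb/2025:10:02:00 +0000] "POST /api/password/reset HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Feb/2025:10:03:00 +0000] "POST /api/password/reset?u=x HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Feb/2025:11:00:00 +0000] "POST /api/password/reset HTTP/1.1" 200 512',
]
```

Run `find_suspicious_resets(SAMPLE_LOG)` to see the alerts; on the constructed sample the three external reset requests in three minutes from 203.0.113.7 also trigger the burst alert.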
Update Q-Free MaxTime to a version later than 2.11.0. This fixes the missing authentication check on the critical password reset function. See the vendor's security advisory for more information about the update.
CVE-2025-26341 is a critical vulnerability in Q-Free MaxTime versions 0–2.11.0 that allows unauthenticated attackers to reset user passwords via HTTP requests.
If you are using Q-Free MaxTime versions 0 through 2.11.0, you are potentially affected by this vulnerability.
Upgrade to Q-Free MaxTime version 2.11.1 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
There is currently no evidence of active exploitation, but the vulnerability's severity suggests it may become a target.
Refer to the Q-Free security advisory for detailed information and updates regarding CVE-2025-26341.