CVE-2025-24502 | THREATINT

Description

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

PUBLISHED Reserved 2025-01-22 | Published 2025-01-30 | Updated 2025-02-05 | Assigner symantec

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Product status

Default status

affected

3.4.6

affected

4.1.0 (custom)

affected

4.2.0

affected

Credits

Stefan Grönke (gronke@radicallyopensecurity.com) finder

References

support.broadcom.com/...l/content/SecurityAdvisories/0/25362

cve.org (CVE-2025-24502)

nvd.nist.gov (CVE-2025-24502)

Download JSON