CVE-2025-13480

EPSS 0.26%
Veröffentlicht 20.04.2026 09:00:16
Zuletzt bearbeitet 11.05.2026 16:54:56
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Incorrect authorization in Fudo Enterprise

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.
This vulnerability has been fixed in version 5.6.3

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fudosecurity ≫ Fudo Enterprise Version >= 5.5.0 < 5.6.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.168

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvd@cert.pl	5.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.fudosecurity.com/product/enterprise

Product

https://cert.pl/en/posts/2026/04/CVE-2025-13480

Third Party Advisory

https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-13480

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13480

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13480

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13480