CVE-2025-1417: CWE-863 Incorrect Authorization in Proget Proget
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user IDs, email addresses, first names, last names and device UUIDs. The last of these can be used for exploitation of CVE-2025-1416. Successful exploitation requires the UUID of a targeted backup, which cannot be brute forced. This issue has been fixed in version 2.17.5 of Konsola Proget (the server part of the MDM suite).
AI Analysis
Technical Summary
CVE-2025-1417 is a medium-severity vulnerability classified under CWE-863 (Incorrect Authorization) affecting the Proget MDM (Mobile Device Management) system, specifically the Konsola Proget server component. The vulnerability allows a low-privileged user to access sensitive information contained within backups of all devices managed by the MDM. The exposed data includes user IDs, email addresses, first and last names, and device UUIDs. The device UUIDs are particularly critical because they can be leveraged to exploit a related vulnerability, CVE-2025-1416, potentially leading to further compromise. Exploitation requires knowledge of the UUID of a targeted backup, which is not susceptible to brute-force guessing, limiting the ease of exploitation. The vulnerability arises from improper authorization checks that fail to restrict access to backup data to authorized users only: the server authenticates the requester but does not verify that the requester is permitted to read the specific backup requested. This issue has been addressed and fixed in version 2.17.5 of Konsola Proget. The CVSS v4.0 base score is 4.6, reflecting medium severity, with an adjacent-network attack vector, low attack complexity, low privileges required and no user interaction. The vulnerability primarily impacts confidentiality, with limited impact on integrity and availability. No known exploits are currently reported in the wild.
Potential Impact
For European organizations using Proget MDM, this vulnerability poses a risk of unauthorized disclosure of sensitive user and device information. Exposure of user IDs, emails, and names can facilitate targeted phishing or social engineering attacks. Disclosure of device UUIDs can enable attackers to chain this vulnerability with CVE-2025-1416, potentially escalating the attack to compromise device management or control. Organizations managing large fleets of mobile devices, especially those handling sensitive or regulated data, could face increased risk of data breaches and compliance violations under GDPR. The confidentiality breach could undermine trust and result in reputational damage. However, the requirement of low privileges and the difficulty in brute forcing UUIDs somewhat limit the scope of impact. Still, insider threats or compromised low-privileged accounts could exploit this vulnerability to gain unauthorized access to backup data.
Mitigation Recommendations
European organizations should prioritize upgrading Konsola Proget to version 2.17.5 or later, where this vulnerability is patched. Until the upgrade is applied, organizations should enforce strict access controls and monitoring on low-privileged user accounts to detect any unusual access patterns to backup data. Implement network segmentation to limit access to the MDM server from only trusted and necessary network segments. Employ strong authentication and role-based access control (RBAC) to minimize the number of users with access to backup information. Regularly audit backup access logs for anomalies. Additionally, organizations should review and harden backup storage permissions to ensure that sensitive backup data is not accessible beyond authorized personnel. Finally, educate users about the risks of phishing and social engineering that could leverage leaked user information.
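The following is an added, constructed illustration of the CWE-863 pattern described in the technical summary above, together with the object-level authorization check and denied-access audit trail that the mitigation recommendations call for. It is not Proget code and does not reflect the product's API: the User and Backup types, the "admin"/"user" roles, the function names and all sample records are assumptions made for this example.

```python
"""Constructed illustration of the CWE-863 pattern described for CVE-2025-1417.

Hypothetical model only: the User/Backup types, the "admin"/"user" roles,
the function names and the sample records are assumptions for this example,
not Proget code or its API.
"""
from dataclasses import dataclass
from typing import Dict, List
import uuid


@dataclass(frozen=True)
class User:
    user_id: str
    email: str
    role: str                     # assumed roles: "admin" or "user"


@dataclass(frozen=True)
class Backup:
    backup_uuid: str
    device_uuid: str              # the value the advisory says chains into CVE-2025-1416
    owner_id: str                 # user_id of the user the device is enrolled to
    changes: List[str]            # the sensitive "changes" payload


class AccessDenied(Exception):
    """Raised by the hardened lookup for both missing and forbidden backups."""


# Constructed sample tenants: two ordinary users and one administrator.
ALICE = User("u-100", "alice@example.test", "user")
BOB = User("u-200", "bob@example.test", "user")
ADMIN = User("u-001", "admin@example.test", "admin")

# Stable, constructed backup UUIDs so the example is deterministic.
ALICE_BACKUP_UUID = str(uuid.uuid5(uuid.NAMESPACE_DNS, "alice-backup.example"))
BOB_BACKUP_UUID = str(uuid.uuid5(uuid.NAMESPACE_DNS, "bob-backup.example"))

BACKUPS: Dict[str, Backup] = {
    ALICE_BACKUP_UUID: Backup(ALICE_BACKUP_UUID, "dev-a-uuid", ALICE.user_id, ["alice: contact added"]),
    BOB_BACKUP_UUID: Backup(BOB_BACKUP_UUID, "dev-b-uuid", BOB.user_id, ["bob: policy updated"]),
}

# Minimal audit trail of denied lookups, the kind of record worth alerting on.
DENIED_ACCESS_LOG: List[dict] = []


def get_backup_changes_vulnerable(requester: User, backup_uuid: str) -> List[str]:
    """Vulnerable shape: authentication only, no object-level authorization.

    Any logged-in user who knows a backup UUID gets that backup's changes,
    regardless of whose device it belongs to (CWE-863).
    """
    backup = BACKUPS.get(backup_uuid)
    if backup is None:
        raise KeyError("no such backup")
    return backup.changes


def is_authorized(requester: User, backup: Backup) -> bool:
    """Object-level check: admins, or the owner of the enrolled device."""
    return requester.role == "admin" or requester.user_id == backup.owner_id


def get_backup_changes_fixed(requester: User, backup_uuid: str) -> List[str]:
    """Hardened shape: resolve the object, then authorize the requester against it.

    A missing backup and a forbidden one yield the same error so the endpoint
    does not confirm which UUIDs exist; denials are logged for detection.
    """
    backup = BACKUPS.get(backup_uuid)
    if backup is None or not is_authorized(requester, backup):
        DENIED_ACCESS_LOG.append(
            {"user_id": requester.user_id, "backup_uuid": backup_uuid, "outcome": "denied"}
        )
        raise AccessDenied("backup not found or not accessible")
    return backup.changes


def access_is_denied(requester: User, backup_uuid: str) -> bool:
    """Convenience wrapper: True when the hardened lookup refuses the request."""
    try:
        get_backup_changes_fixed(requester, backup_uuid)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    # Bob reading Alice's backup: allowed by the vulnerable lookup, refused by the fixed one.
    print(get_backup_changes_vulnerable(BOB, ALICE_BACKUP_UUID))
    print(access_is_denied(BOB, ALICE_BACKUP_UUID), DENIED_ACCESS_LOG[-1])
```

The design point is that the check runs after the object is resolved and compares the requester against that object's owner, rather than relying on the requester's authentication alone. Returning one indistinguishable error for "not found" and "not yours" keeps the unguessable backup UUID from being confirmed one request at a time, and the denied-access records are exactly what the recommended audit of backup access logs should be scanning for.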
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-02-18T13:43:46.725Z
- CISA Enriched: false
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682dd047c4522896dcbfd718
Added to database: 5/21/2025, 1:08:23 PM
Last enriched: 7/6/2025, 5:25:47 AM
Last updated: 7/31/2025, 9:22:12 PM
Related Threats
- CVE-2025-9091: Hard-coded Credentials in Tenda AC20 (Low)
- CVE-2025-9090: Command Injection in Tenda AC20 (Medium)
- CVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 (Low)
- CVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20 (High)
- CVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20 (High)