CVE-2025-13480
Last modified
CVE-2025-13480 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fudosecurity | Fudo Enterprise | >= 5.5.0, < 5.6.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-13480?
How severe is CVE-2025-13480?
How do I fix CVE-2025-13480?
Are you affected by CVE-2025-13480?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST