CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1102: A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated...

5.5 CVSS

Description

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.

Classification

CVE ID: CVE-2025-1102

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor: Q-Free

Product: MaxTime

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-13 (when was this score calculated)

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1102

Timeline

2025-02-13 00:33:15 UTC
CVE

A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated...