CVE-2025-26341

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.
Configurations

No configuration.

History

12 Feb 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-12 14:15

Updated : 2025-02-12 14:15


NVD link : CVE-2025-26341

Mitre link : CVE-2025-26341

CVE.ORG link : CVE-2025-26341


JSON object : View

Products Affected

No product.

CWE
CWE-306

Missing Authentication for Critical Function