CVE-2025-43720

Sažetak

Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile.

Reference

https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8
https://github.com/h-mdm/hmdm-server/compare/v5.32.1...v5.33.1
https://www.periculo.co.uk/cyber-security-blog/how-our-pen-tester-found-a-critical-vulnerability-cve-2025-43720

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-07-2025 - 17:15

Objavljeno

21-07-2025 - 17:15