ExtremeCloud Universal ZTNA Improper Authorization

June 13, 2025 invoker category_cve

CVE Details

Basic Information

Title ExtremeCloud Universal ZTNA Improper Authorization
Type cve
Published 2025-06-13T21:06:34.653Z
Last Seen

Product Information

Vendor Extreme Networks
Product ExtremeCloud Universal ZTNA
Version 25.2.0

CVSS Information

Base Score 5.2 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/S:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A syntax error in the ‘searchKeyword’ condition in ExtremeCloud Universal ZTNA allows users to bypass the owner_id filter, potentially enabling them to search data across the entire table instead of being restricted to their specific owner_id.
AI Severity Medium
Vendor Extreme Networks
Product ExtremeCloud Universal ZTNA
Affected Version 25.2.0

Affected Products

  • Extreme Networks ExtremeCloud Universal ZTNA 25.2.0

Additional Information

CVE List
CWE List CWE-287
Bulletin Family

Description

In ExtremeCloud Universal ZTNA, a syntax error in the ‘searchKeyword’ condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.