CVE-2025-0556

High CVSS: 8.8

In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.

Vendor

Progress

Product

Telerik Report Server

CWE

CWE-319

Yayın Tarihi

2025-02-12 16:15:43

Güncelleme

2025-02-20 20:41:40

Source Identifier

security@progress.com

KEV Date Added

Kategoriler

CWE-319 Telerik Report Server HIGH Progress 2025

Referanslar

https://docs.telerik.com/report-server/knowledge-base/kb-security-cleartext-transmission-cve-2025-0556

Benzer Kayıtlar

Medium

CVE-2026-2878

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyn…

High

CVE-2025-13447

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13444

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13774

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability…

Low

CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MO…

Medium

CVE-2025-13147

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before…