CVE-2025-32986

High CVSS: 7.5

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

Vendor

Product

CWE

Yayın Tarihi

2025-04-25 21:15:39

Güncelleme

2025-05-27 16:56:44

Source Identifier

cve@mitre.org

KEV Date Added

CWE-200 Ngeniusone HIGH Netscout 2025

https://www.netscout.com/securityadvisories

High

CVE-2025-32981

NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.

High

CVE-2025-32982

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.

High

CVE-2025-32983

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.

Medium

CVE-2025-32984

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.

Critical

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

Medium

CVE-2025-32979

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.