CVE-2025-6083

Medium CVSS: 5.2

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.

Vendor

Extremenetworks

Product

Extremecloud Universal Ztna

CWE

CWE-287

Yayın Tarihi

2025-06-13 21:15:20

Güncelleme

2026-01-08 21:39:53

Source Identifier

1c053176-eef3-4d6a-ae0b-24728c86587b

KEV Date Added

Kategoriler

CWE-287 Extremecloud Universal Ztna MEDIUM Extremenetworks 2025

Referanslar

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000126912

Benzer Kayıtlar

High

CVE-2025-11192

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on…

High

CVE-2025-8679

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure…

Medium

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

High

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege esc…

Critical

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which ma…