Key Vulnerability Information

Vulnerability IDs
- CVE-2025-31511
- CVE-2025-31513

Vulnerability Type
Improper Access Control (CWE-284)

Affected Products and Versions
NetApp Enterprise
- Affected Product: Guardian
- Affected Versions: 4.14.2.21 and earlier

Attack Vector
CVE-2025-31511:
- Attack Vector: Allows remote authenticated users to bypass message approval by manipulating the "adminApprove" parameter in a Request/2026/building/20/access request during an API call.
CVE-2025-31513:
- Attack Vector: Allows remote authenticated users to bypass message approval by changing the value in a Request/2026/building/20/access request during an external API call.

Impact
CVE-2025-31511:
- Impact: Attackers can approve or revoke access requests without management authentication.
CVE-2025-31513:
- Impact: Attackers can manipulate access requests for unauthorized users, bypassing approval processes.

References
- https://www.netapp.com/us/
- https://github.com/netapp/guardian
- https://github.com/netapp/guardian/issues

Publication Time
- Initial Discovery: June 2023
- Vendor Notified: July 2023
- Vendor Response: Vendor acknowledged issue