Key Vulnerability Information

Vulnerability Identification
Advisory ID: NN-2025:3-01
CVE Name(s): CVE-2025-1501

Vulnerability Description
Topic: Incorrect authorization for traces request/download in CMC before 25.1.0
CWE Impact: CWE-863: Incorrect Authorization
Summary: An access control vulnerability was discovered in the Request Trace and Download Trace functionalities due to a specific access restriction not being properly enforced for users with limited privileges.

Impact
Impact: An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.
CVSS Score:
- 5.3 (CVSS v4.0)
- 4.3 (CVSS v3.1)
CVE Risk Level: Medium

Affected Products
Affected Products: CMC < v25.1.0

Solutions and Mitigations
Workarounds and Mitigations: Use internal firewall features to limit access to the web management interface.
Solutions: Upgrade to v25.1.0 or later.

Additional Information
Modification History:
2025-08-26: Initial revision
Related Links: Mitre CVE entry
Acknowledgements: We thank the following parties for their efforts:
- one of our Customers for reporting a bug, leading to Nozomi Networks confirming this issue
Contact: Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.