- **Vulnerability ID**: CA20260112-01
- **Product/Component**: Spectrum
- **Release Date**: January 12, 2026
- **Update Date**: January 12, 2026
- **Status**: Closed
- **Severity**: High (High)
- **CVSS Base Score**: 8.8
- **Affected CVEs**:
  - CVE-2025-69267
  - CVE-2025-69268
  - CVE-2025-69269
  - CVE-2025-69270
  - CVE-2025-69271
  - CVE-2025-69272
  - CVE-2025-69273
  - CVE-2025-69274
  - CVE-2025-69275
  - CVE-2025-69276
- **Workarounds**: None

### Risk Rating

- **CVE-2025-69267** (High): Path Traversal
- **CVE-2025-69268** (Medium): Reflected XSS
- **CVE-2025-69269** (Medium): Command Injection
- **CVE-2025-69270** (Low): Session Token Exposure
- **CVE-2025-69271** (Low): Basic Authentication
- **CVE-2025-69272** (Medium): Passwords Returned in Plaintext
- **CVE-2025-69273** (High): Authentication Bypass
- **CVE-2025-69274** (High): Privilege Escalation Bypass
- **CVE-2025-69275** (Medium): Outdated Third-Party JavaScript Library
- **CVE-2025-69276** (Low): Insecure Deserialization

### Platforms

- Windows
- Linux

### Affected Product Versions

- **CVE-2025-69267**: Spectrum v24.3.8 and earlier
- **CVE-2025-69268**: Spectrum v24.3.8 and earlier
- **CVE-2025-69269**: Spectrum v23.3.6 and earlier
- **CVE-2025-69270**: Spectrum v24.3.8 and earlier
- **CVE-2025-69271**: Spectrum v24.3.13 and earlier
- **CVE-2025-69272**: Spectrum v21.2.1 and earlier
- **CVE-2025-69273**: Spectrum v24.3.10 and earlier
- **CVE-2025-69274**: Spectrum v24.3.10 and earlier
- **CVE-2025-69275**: Spectrum v24.3.9 and earlier
- **CVE-2025-69276**: Spectrum v24.3.13 and earlier

### Solution

- Upgrade to version 25.4.1 or later to resolve all listed vulnerabilities.