CVE-2025-22961

Published Feb 13, 2025

Last updated 9 days ago

Overview

Description
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.
Source
cve@mitre.org
NVD status
Received

Social media

Hype score
Not currently trending

  1. CVE-2025-22961 A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Contro… https://t.co/9GWDHN3rlv

    @CVEnew

    14 Feb 2025

    473 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References