Unencrypted Data Transmission in Progress Telerik Report Server
CVE-2025-0556

8.8HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Report Server
Vendor: CVE Published:; 12 February 2025

Summary

In Progress Telerik Report Server, versions released before 2025 Q1 (11.0.25.211) utilize an older .NET Framework implementation that allows for the transmission of non-sensitive information in an unencrypted format. This vulnerability permits potential attackers on a local network to capture and analyze the communication between the service agent and the application host, posing a risk to data confidentiality and integrity. Users are encouraged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Telerik Report Server Windows 1.0.0 < 2025 Q1 (11.0.25.211)

References

https://docs.telerik.com/report-server/knowledge-base/kb-...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jan 17, 2025