API Misconfiguration in Fudo Enterprise by Fudo Security
CVE-2025-13480

5.1MEDIUM

Key Information:

Vendor

Fudo Security

Status
Fudo Enterprise
Vendor
CVE Published:
20 April 2026

What is CVE-2025-13480?

Versions 5.5.0 through 5.6.2 of Fudo Enterprise are susceptible to improper access control, allowing low privileged users to exploit unsecured API endpoints. This vulnerability grants access to sensitive data, including system logs and configuration settings reserved for administrators. The issue has been addressed in version 5.6.3, which mitigates the risk by securing these API resources.

Affected Version(s)

Fudo Enterprise 5.5.0 <= 5.6.2

References

https://www.fudosecurity.com/product/enterprise
product
https://cert.pl/en/posts/2026/04/CVE-2025-13480
third-party-advisory
https://download.fudosecurity.com/documentation/fudo/5_6/...
release-notes

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.