Access Control Flaw in CMC by CMC Technologies
CVE-2025-1501

5.3MEDIUM

Key Information:

Vendor: Nozomi Networks
Status: Cmc
Vendor: CVE Published:; 26 August 2025

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2025-1501?

An access control vulnerability has been identified in the Request Trace and Download Trace functionalities of CMC prior to version 25.1.0. This flaw allows authenticated users with limited privileges to bypass certain access restrictions, enabling them to request and download trace files inadvertently exposing sensitive network data. Organizations using vulnerable versions of CMC are advised to update to the latest release to mitigate the risk of unauthorized data exposure.

Affected Version(s)

CMC 0 < 25.1.0

References

https://security.nozominetworks.com/NN-2025:3-01

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Feb 20, 2025

Credit

This issue was confirmed by Nozomi Networks after a bug reported by one of our Customers.