Missing Authorization Vulnerability in Gmission Web Fax Affects Multiple Versions
CVE-2025-15068

8.5HIGH

Key Information:

Vendor: Gmission
Status: Web Fax
Vendor: CVE Published:; 29 December 2025

What is CVE-2025-15068?

A Missing Authorization vulnerability has been identified in Gmission Web Fax, which can lead to privilege abuse and session credential falsification. This vulnerability affects Web Fax versions from 3.0 and before 4.0. Attackers may exploit this issue by manipulating session credentials, potentially giving unauthorized access to sensitive functions and data within the application.

Affected Version(s)

Web Fax 3.0 < 3.0.1

References

https://www.gmission.co.kr/fax1

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2025
Vulnerability Reserved
Dec 24, 2025

CVE-2025-15068 Data

JSON