Missing Authorization in Infomaniak's VOD Platform
CVE-2025-22729
4.3MEDIUM
Summary
A missing authorization vulnerability has been identified in Infomaniak's VOD service that allows attackers to exploit incorrectly configured access control security levels. This can lead to unauthorized access to sensitive data, compromising user privacy and service integrity in affected versions up to 1.5.9. Users and administrators are urged to review their configurations and apply necessary updates to mitigate these risks.
Affected Version(s)
VOD Infomaniak <= 1.5.9
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)