Search Query Bypass Vulnerability in ExtremeCloud Universal ZTNA
CVE-2025-6083

5.2MEDIUM

Key Information:

Vendor: Extreme Networks
Status: Extremecloud Universal Ztna
Vendor: CVE Published:; 13 June 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2025-6083?

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition enables unauthorized search queries to bypass the owner_id filter. This vulnerability allows users to access and search data across the entire database table, rather than being confined to their specific owner_id. Consequently, sensitive data could be exposed to unauthorized users, highlighting a significant security concern that needs to be addressed.

Affected Version(s)

ExtremeCloud Universal ZTNA 25.2.0

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Jun 13, 2025

Credit

Bert Verschaeve

Kees Brouwer

JSON