{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:28:40.078","vulnerabilities":[{"cve":{"id":"CVE-2025-1417","sourceIdentifier":"cvd@cert.pl","published":"2025-05-21T13:16:01.760","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of CVE-2025-1416.\n\nSuccessful exploitation requires UUID of a targeted backup, which cannot be brute forced. \n\nThis issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite)."},{"lang":"es","value":"En Proget MDM, un usuario con pocos privilegios puede acceder a la información sobre los cambios contenidos en las copias de seguridad de todos los dispositivos administrados por MDM (Administración de Dispositivos Móviles). Esta información incluye identificadores de usuario, direcciones de correo electrónico, nombres, apellidos y UUID del dispositivo. Este último puede utilizarse para explotar la vulnerabilidad CVE-2025-1416. Para una explotación exitosa, se requiere el UUID de una copia de seguridad específica, que no puede forzarse. Este problema se ha corregido en la versión 2.17.5 de Konsola Proget (componente servidor de la suite MDM)."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://cert.pl/en/posts/2025/05/CVE-2025-1415","source":"cvd@cert.pl"},{"url":"https://proget.pl/en/mobile-device-management/","source":"cvd@cert.pl"}]}}]}