CVE-2025-1417 Information disclosure in Proget MDM
In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information includes user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...
CVE-2025-1416 Password disclosure in Proget MDM
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targeted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...
CVE-2025-1416
CVE-2025-1416 affects Proget MDM (Konsola Proget server). A low-privilege user can retrieve passwords for managed devices and then use MDM functions restricted to higher-privilege users. Exploitation requires knowing the UUIDs of targeted devices, which may be obtained via related flaws CVE-2025-...
CVE-2025-1415
A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...
CVE-2025-1415 Information disclosure in Proget MDM
A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...
CVE-2025-1415
In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from the possibility that device activation data could be downloaded as a CSV file by an elevated privileged user and cause damage to the PC, allowing an...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from improper input cleanup in the comments section and could lead to an elevated privilege user executing a stored cross-site scripting attack...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5 that stems from a low-privileged user having access to changed information in backups, including user IDs, email addresses, and device UUIDs...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user having access to configuration file information containing details of allowed/prohibited features...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from improper input cleanup in the activationMessage field, and could lead to an elevated privilege user executing a stored cross-site scripting attack...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user being able to retrieve passwords for managed devices and utilize MDM-restricted features...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user being able to obtain device task information and UUIDs...
PT-2025-22351 · Unknown · Konsola Proget
Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5 Description: The issue is related to improper sanitization of input in the comment section of Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack...
PT-2025-22349 · Unknown · Proget MDM
Name of the Vulnerable Software and Affected Versions: Proget MDM versions prior to 2.17.5 Description: A low-privileged user can access information about changes contained in backups of all devices managed by the MDM, including user ids, email addresses, first names, last names, and device UUIDs...
PT-2025-22348
Name of the Vulnerable Software and Affected Versions: Proget MDM affected versions not specified Description: The issue concerns a privilege escalation in Proget MDM, where a low-privileged user can retrieve passwords for managed devices. This allows the user to access functionalities restricted b...
PT-2025-22350 · Unknown · Konsola Proget
Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5 Description: A low-privileged user can access information about profiles created in Proget MDM, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive...
PT-2025-22353 · Microsoft +1 · Office Excel +1
Name of the Vulnerable Software and Affected Versions: Konsola Proget server part of the MDM suite versions prior to 2.17.5 Description: The issue arises when data provided in a request to the server during new device activation is stored in a database. High-privileged users who download this dat...