PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...

CVE-2025-8558

The CVE-2025-8558 entry concerns Proofpoint’s Insider Threat Management (ITM) Server. Affected software: ITM Server versions prior to 7.17.2. Vulnerable component/condition: an authentication bypass that allows an unauthenticated adversary on an adjacent network to unregister agents when the numb...

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...