CVE-2025-1416 Password disclosure in Proget MDM

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...

CVE-2025-1416

CVE-2025-1416 affects Proget MDM (Konsola Proget server). A low-privilege user can retrieve passwords for managed devices and then use MDM functions restricted to higher-privilege users. Exploitation requires knowing the UUIDs of targeted devices, which may be obtained via related flaws CVE-2025-...

CVE-2025-1415 Information disclosure in Proget MDM

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...

CVE-2025-1415

In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...