CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass. This issue affects GateManager: 11.4.0.
Analysis
An improper authentication vulnerability in the webserver modules of Secomea GateManager allows an authenticated user to bypass authentication controls and read resources their account should not be permitted to reach. The affected version named in the advisory is GateManager 11.4.0. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) matches that picture: the attack is reachable over the network with low complexity, requires only low-privileged valid credentials and no user interaction, stays within the vulnerable component, and yields high confidentiality impact without modifying data or degrading availability.
Technical Context
The vulnerability resides in the webserver modules of Secomea GateManager (CPE: cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*) and is classified under CWE-287 (Improper Authentication). CWE-287 covers flaws where the application fails to correctly verify a claimed identity or the validity of a session before granting access to protected resources. The advisory does not describe the defect's mechanism. Given the CVSS profile (PR:L, C:H), the most plausible reading is that a low-privileged authenticated session reaches resources gated behind a higher privilege level because the request-handling pipeline does not fully validate session state or privilege. Session token manipulation, authentication state confusion and incomplete privilege validation are the usual causes in this class, but none of them is confirmed for this issue.
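To make the CWE-287 pattern concrete, the following added example (not Secomea's code, and not derived from the GateManager implementation) contrasts a request handler that only checks that a session exists with one that also validates expiry and the role the resource requires. The session store, role names, paths and resource table are all constructed assumptions chosen to show the defect class, not anything taken from the product.

```python
"""Illustrative CWE-287 pattern: authenticated but never authorized.

Added example, not GateManager code. Roles, paths, tokens and the session
table below are assumptions constructed to demonstrate the defect class.
"""
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    role: str            # assumed roles: "viewer" (low privilege) or "admin"
    expires_at: float    # absolute epoch seconds


# Constructed session store standing in for the server's session table.
SESSIONS = {
    "tok-viewer": Session("alice", "viewer", time.time() + 3600),
    "tok-admin": Session("bob", "admin", time.time() + 3600),
    "tok-stale": Session("carol", "admin", time.time() - 1),  # already expired
}

# Assumed resource table: the role each path requires and what it returns.
RESOURCES = {
    "/status": ("viewer", "status: ok"),
    "/admin/users": ("admin", "users: alice, bob, carol"),
    "/admin/config": ("admin", "config: <sensitive>"),
}

ROLE_RANK = {"viewer": 0, "admin": 1}


def vulnerable_handle(token, path):
    """Checks only that *some* session exists for the token.

    Neither the session's expiry nor its role is consulted, so a
    low-privileged (PR:L) or stale session reads admin-only data (C:H).
    """
    if token not in SESSIONS:
        return 401, "unauthenticated"
    if path not in RESOURCES:
        return 404, "not found"
    _required, body = RESOURCES[path]
    return 200, body


def hardened_handle(token, path, now=None):
    """Full check: the session must exist, be unexpired, and carry a role
    that satisfies the resource's requirement. Authentication is decided
    before the path is even looked at, so unknown paths leak nothing about
    whether a token is valid beyond the 401/404 distinction."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(token)
    if sess is None or sess.expires_at <= now:
        return 401, "unauthenticated"
    entry = RESOURCES.get(path)
    if entry is None:
        return 404, "not found"
    required, body = entry
    if ROLE_RANK[sess.role] < ROLE_RANK[required]:
        return 403, "forbidden"
    return 200, body


if __name__ == "__main__":
    for handler in (vulnerable_handle, hardened_handle):
        print(handler.__name__, handler("tok-viewer", "/admin/config"))
```

The point of the hardened version is that "is there a session" and "is this session allowed here" are two separate questions, and the second must be answered per resource on every request; an expired session is treated exactly like no session at all.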
Affected Products
Secomea GateManager version 11.4.0 is the only version explicitly named as vulnerable. The CPE cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:* carries a wildcard in its version field and therefore gives no version scope on its own; organizations should consult the vendor security advisory at https://www.secomea.com/support/cybersecurity-advisory/ for the complete list of affected and fixed versions. GateManager is a remote access platform for industrial automation equipment, commonly deployed in critical infrastructure and manufacturing environments, which makes unauthorized read access to it particularly sensitive.
Remediation
Upgrade to the fixed GateManager release referenced in the official advisory at https://www.secomea.com/support/cybersecurity-advisory/, following the vendor's documented upgrade procedure. Until the upgrade is applied: restrict access to the GateManager web server to trusted IP ranges at the network boundary; shorten session lifetimes so that a compromised or misused credential has a limited window; and monitor authentication and web access logs for low-privileged accounts reaching administrative resources or showing unusual access patterns. Because the impact is confidentiality, also review existing user accounts, sessions and permissions to identify any unauthorized access that may already have occurred.
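The log-monitoring step above is the one most likely to be skipped for lack of a concrete starting point. The following added example (not from Secomea or vuln.today) runs a simple detection over constructed access-log lines: it flags successful requests to administrative paths by accounts whose role is not administrative, and lists accounts connecting from outside the trusted ranges the network ACL is meant to enforce. The line format, the `/admin/` prefix, the role names and the trusted ranges are all assumptions; GateManager's real log format is not documented on this page, so the regular expression would need to be adapted to it.

```python
"""Detection sketch for the interim monitoring mitigation.

Added example. The log format, paths, roles and address ranges are
constructed assumptions, not GateManager's real logging.
"""
import re
from collections import Counter

# Constructed sample lines in an assumed format:
#   <ts> user=<name> role=<role> src=<ip> <METHOD> <path> <status>
SAMPLE_LOG = """\
2025-06-01T10:00:01Z user=alice role=viewer src=10.0.0.5 GET /status 200
2025-06-01T10:00:07Z user=bob role=admin src=10.0.0.9 GET /admin/users 200
2025-06-01T10:00:12Z user=alice role=viewer src=10.0.0.5 GET /admin/config 200
2025-06-01T10:00:15Z user=alice role=viewer src=10.0.0.5 GET /admin/users 200
2025-06-01T10:00:20Z user=carol role=viewer src=203.0.113.7 GET /admin/config 403
2025-06-01T10:00:25Z user=dave role=viewer src=203.0.113.8 GET /admin/config 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) src=(?P<src>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

ADMIN_PREFIXES = ("/admin/",)   # assumed privileged path space
TRUSTED_NETS = ("10.0.0.",)     # assumed trusted ranges for the ACL mitigation


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def find_suspicious(log_text):
    """(user, path) for every *successful* admin-path hit by a non-admin role.

    A 403 on an admin path is the server doing its job; a 200 from a
    low-privileged role is the signature of the bypass this advisory describes.
    """
    hits = []
    for ev in parse(log_text):
        privileged = ev["path"].startswith(ADMIN_PREFIXES)
        if privileged and ev["role"] != "admin" and ev["status"] == "200":
            hits.append((ev["user"], ev["path"]))
    return hits


def summarize(log_text):
    """Count of suspicious admin-path reads per user, for triage ordering."""
    return dict(Counter(user for user, _path in find_suspicious(log_text)))


def untrusted_sources(log_text):
    """Accounts reaching the web server from outside the trusted ranges,
    i.e. traffic the boundary ACL should have blocked."""
    return sorted({ev["src"] + " " + ev["user"] for ev in parse(log_text)
                   if not ev["src"].startswith(TRUSTED_NETS)})


if __name__ == "__main__":
    for user, path in find_suspicious(SAMPLE_LOG):
        print("SUSPICIOUS", user, path)
    print("per-user", summarize(SAMPLE_LOG))
    print("untrusted", untrusted_sources(SAMPLE_LOG))
```

Two design points carry over to any real log format: only successful responses on privileged paths are alerted on, because denied attempts are the control working rather than failing; and the role is read from the log rather than inferred from the username, so a later permission change does not silently reclassify old events.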
EUVD-2025-208869