Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.
AnalysisAI
A security vulnerability in Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 (CVSS 9.1). Critical severity with potential for significant impact on affected systems.
Technical ContextAI
CWE-284 (Improper Access Control). CVSS 9.1 indicates critical severity with likely remote exploitation vector. Affects Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-28312