Skip to main content

Guardian EUVDEUVD-2025-209469

| CVE-2025-40897 HIGH
Incorrect Authorization (CWE-863)
2026-04-15 Nozomi GHSA-57pr-fgr5-wqvx
7.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

10
Re-analysis Queued
Apr 17, 2026 - 15:52 vuln.today
cvss_changed
Patch released
Apr 17, 2026 - 15:38 nvd
Patch available
Analysis Updated
Apr 16, 2026 - 05:56 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
26.0.0
CVSS changed
Apr 15, 2026 - 15:22 NVD
8.1 (HIGH) 7.2 (HIGH)
Analysis Generated
Apr 15, 2026 - 09:08 vuln.today
EUVD ID Assigned
Apr 15, 2026 - 09:00 euvd
EUVD-2025-209469
Analysis Generated
Apr 15, 2026 - 09:00 vuln.today
CVE Published
Apr 15, 2026 - 08:18 nvd
HIGH 7.2

DescriptionCVE.org

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.

AnalysisAI

Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users to perform administrative actions, including modifying or deleting threat intelligence rules. With CVSS 8.1 (High) driven by high integrity and availability impact, this access control bypass (CWE-863) enables low-privileged users to alter critical security configurations remotely. No public exploit identified at time of analysis, though EPSS data unavailable. Authentication requirements lower the barrier only slightly, as compromised low-privilege accounts are common in enterprise environments.

Technical ContextAI

This vulnerability affects the Threat Intelligence functionality in Nozomi Networks Guardian (industrial network security monitoring platform) and CMC (Central Management Console), identified by CPE strings cpe:2.3:a:nozomi_networks:guardian and cpe:2.3:a:nozomi_networks:cmc. The root cause is CWE-863 (Incorrect Authorization), a classic broken access control issue where role-based access control (RBAC) enforcement fails to properly validate user permissions before allowing state-changing operations. The application checks authentication (PR:L indicates low-privilege authenticated access required) but fails to verify authorization for administrative functions within the Threat Intelligence module. This represents a horizontal privilege escalation where users can exceed their designated view-only role to perform create/update/delete operations on threat intelligence rules, which are critical for network security posture and incident detection. The remote attack vector (AV:N) with low complexity (AC:L) indicates this is exploitable through standard network access to the web management interface without special conditions.

RemediationAI

Organizations running Nozomi Networks Guardian or CMC should immediately review the vendor security advisory at https://security.nozominetworks.com/NN-2026:1-01 for patched software versions and upgrade instructions. Upstream fix available (PR/commit); released patched version not independently confirmed from provided data sources. As an interim mitigation, review and restrict user account permissions in the Threat Intelligence module, ensuring view-only users cannot access administrative functions through UI or API. Audit existing threat intelligence rules for unauthorized modifications and implement additional monitoring for privilege escalation attempts. Consider isolating management interfaces to restricted networks and enforcing multi-factor authentication for all accounts with any level of Threat Intelligence access. Conduct an audit of all low-privilege account activity logs to identify potential historical exploitation prior to patch deployment.

CVE-2020-7049 HIGH POC
7.3 Jun 30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7

CVE-2020-15307 MEDIUM POC
6.1 Jun 30

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to

CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2026-39911 HIGH
8.7 Apr 09

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2021-26725 HIGH
8.6 Feb 22

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat

CVE-2021-26724 HIGH
8.6 Feb 22

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and

Share

EUVD-2025-209469 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy