PT-2022-17338 · Unknown · Freetakserver

Securitybits-Io · Published 2022-03-10 · Updated 2023-08-08 · CVE-2022-25508

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: FreeTAKServer versions 1.9.8 through 1.9.8.4

Description: An access control issue in the component /ManageRoute/postRoute of FreeTAKServer allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large number of created routes, or to create unsafe or false routes for legitimate users. The issue affects the API endpoint "/ManageRoute/postRoute" and can be exploited by manipulating the route creation process.

Recommendations: For FreeTAKServer versions 1.9.8 through 1.9.8.4, update to version 1.9.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the /ManageRoute/postRoute endpoint so that unauthenticated attackers cannot reach it.
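The interim workaround above (restrict who can reach /ManageRoute/postRoute until 1.9.8.5 is deployed) can be applied in front of the application without touching its code. The following is an added example, not FreeTAKServer project code: a WSGI wrapper that rejects requests to the endpoint unless they carry a valid shared token, and that caps how many route-creation requests a single client may make, which also blunts the "unusually large number of created routes" DoS the advisory describes. The header name `X-Api-Token`, the per-client cap, and the WSGI deployment model are assumptions for illustration; the upstream app and the sample requests are constructed.

```python
"""Added example (not FreeTAKServer code): gate /ManageRoute/postRoute behind a
shared token and a per-client creation cap as an interim mitigation."""
import hmac
import os
from collections import Counter

PROTECTED_PATH = "/ManageRoute/postRoute"   # endpoint named in the advisory
AUTH_HEADER = "HTTP_X_API_TOKEN"            # WSGI key for "X-Api-Token" (assumed header)
MAX_ROUTES_PER_CLIENT = 100                 # constructed cap; tune per deployment


class RouteGuard:
    """WSGI middleware: authenticate and rate-cap access to the protected path."""

    def __init__(self, app, token, max_routes=MAX_ROUTES_PER_CLIENT):
        self.app = app
        self.token = token.encode()
        self.max_routes = max_routes
        self.created = Counter()   # route-creation count per client address

    def __call__(self, environ, start_response):
        # Anything other than the vulnerable endpoint passes straight through.
        if environ.get("PATH_INFO") != PROTECTED_PATH:
            return self.app(environ, start_response)

        # Constant-time comparison so the token check does not leak via timing.
        presented = environ.get(AUTH_HEADER, "").encode()
        if not hmac.compare_digest(presented, self.token):
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required\n"]

        # Cap route creations per client. Behind a reverse proxy REMOTE_ADDR is
        # the proxy's address, so key on the forwarded client address there.
        client = environ.get("REMOTE_ADDR", "unknown")
        if self.created[client] >= self.max_routes:
            start_response("429 Too Many Requests", [("Content-Type", "text/plain")])
            return [b"route creation limit reached\n"]
        self.created[client] += 1
        return self.app(environ, start_response)


def upstream_app(environ, start_response):
    """Constructed stand-in for the real application: always succeeds."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"route stored\n"]


def simulate(guard, path, token=None, addr="198.51.100.10"):
    """Drive one constructed request through the guard; return the status line."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path, "REMOTE_ADDR": addr}
    if token is not None:
        environ[AUTH_HEADER] = token
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    b"".join(guard(environ, start_response))
    return captured["status"]


if __name__ == "__main__":
    # Token comes from the environment in a real deployment (assumed variable name).
    guard = RouteGuard(upstream_app, token=os.environ.get("ROUTE_API_TOKEN", "example-token"),
                       max_routes=2)
    for args in [(PROTECTED_PATH,), (PROTECTED_PATH, "wrong"),
                 (PROTECTED_PATH, "example-token"), (PROTECTED_PATH, "example-token"),
                 (PROTECTED_PATH, "example-token"), ("/healthz",)]:
        print(args, "->", simulate(guard, *args))
```

Wrap the application's WSGI callable with `RouteGuard(app, token=...)` at deployment time; unauthenticated or over-limit requests never reach the vulnerable handler, and both outcomes surface as distinct 401/429 status codes that are easy to alert on in access logs.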

Exploit

Fix

Weakness Enumeration

Missing Authentication
Improper Authentication

Related Identifiers

CVE-2022-25508
GHSA-HGGV-MCP4-VXC5
PYSEC-2022-43054

Affected Products

Freetakserver