PT-2025-12330 · Nebula Informatics · Sechard

Published 2025-03-20 · Updated 2026-06-06 · CVE-2025-2311

CVSS v3.1: 9.0 (Critical)

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nebula Informatics SecHard versions prior to 3.3.0.20220411

Description

The issue is related to the incorrect use of privileged APIs, cleartext transmission of sensitive information, and insufficiently protected credentials. This allows for authentication bypass, interface manipulation, authentication abuse, and harvesting information via API event monitoring.

Recommendations

For versions prior to 3.3.0.20220411, update to version 3.3.0.20220411 or later to resolve the issue. As a temporary workaround, consider restricting access to privileged APIs and sensitive information to minimize the risk of exploitation. Additionally, ensure that credentials are properly protected and consider disabling API event monitoring until the issue is resolved.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Insufficiently Protected Credentials

Related Identifiers

CVE-2025-2311

Affected Products

Sechard