CVE-2025-49181

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.