PT-2025-27663 · Ns3000+1 · Ns3000+1
Published
2025-06-30
·
Updated
2025-10-10
·
CVE-2025-45814
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
NS3000 versions 7.x through 8.1.1.125110
NS2000 version 7.02.08
Description:
The issue is related to missing authentication checks in the "query.fcgi" endpoint, which allows attackers to execute a session hijacking attack.
Recommendations:
For NS3000 versions 7.x through 8.1.1.125110, consider disabling access to the "query.fcgi" endpoint until a patch is available.
For NS2000 version 7.02.08, restrict access to the "query.fcgi" endpoint to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ns2000
Ns3000