PT-2025-27860 · H Mdm+1 · Headwind Mdm+1
James Mallam
·
Published
2025-07-04
·
Updated
2025-07-21
·
CVE-2025-43720
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Headwind MDM versions prior to 5.33.1
Description
Headwind MDM versions prior to 5.33.1 allow unauthorized access to configuration details. Specifically, the configuration profile is exposed to users with the Observer role, revealing the password required to escape the MDM-controlled device’s profile.
Recommendations
Update Headwind MDM to version 5.33.1 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Headwind Mdm
Hmdm-Server