PT-2025-32218 · Unknown · Vedo Suite
Author: Davide Reggiani (+1)
Published: 2025-08-06 · Updated: 2025-08-07
CVE-2025-51054
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Vedo Suite version 2024.17
Description
Vedo Suite 2024.17 is susceptible to an incorrect access control issue. It allows remote attackers to obtain a valid, high-privilege JWT (JSON Web Token) without authentication by sending an empty HTTP POST request to the /autologin/ API endpoint.
Recommendations
Vedo Suite version 2024.17: Implement proper authentication and authorization checks for the /autologin/ API endpoint to prevent unauthorized access and JWT token generation.
Tags: Exploit · Fix · LPE · Improper Access Control
Affected Products
Vedo Suite