CVE-2025-22956

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3

Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessible only by a subset of clients. An example of this is a domain join account password for the windomain package.

Recommendations: Update OPSI to version 4.3 or later.

Fix

LPE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-22956

Affected Products

Opsi

CVE-2025-22956

Weakness Enumeration

Related Identifiers

Affected Products

References · 8