PT-2025-45400 · Manager Io · Manager Desktop+2
Kr1Shna4Garwal · Published 2025-11-07 · Updated 2025-11-13
CVE-2025-64180
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Manager-io/Manager versions 25.11.1.3085 and below
Description
Manager-io/Manager accounting software contains a critical flaw in its DNS validation mechanism. The flaw is a Time-of-Check Time-of-Use (TOCTOU) condition: the address a hostname resolves to is checked at one moment and used at a later one, and a change in between lets the check be bypassed. An attacker can use this to bypass network isolation and gain unauthorized access to internal network resources, cloud metadata endpoints, and protected network segments. On the Desktop edition no authentication is required; on the Server edition standard authentication is required. In general, a TOCTOU is a race condition in which a resource is checked and then used, but the resource is modified by another process between the check and the use.
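A defender-side illustration of the check-then-use gap described above, added here as an example and not code from Manager or from the advisory: it contrasts a resolve-check-resolve-again fetch with one that pins the validated address. The resolver and connector are constructed stand-ins so it runs offline; `h.example`, the DNS answer sequence and all function names are assumptions.

```python
"""Added example: closing the DNS check-then-use gap by pinning the validated IP."""
import ipaddress
from typing import Callable, Dict, List

Resolver = Callable[[str], str]        # hostname -> IP literal (stand-in for DNS)
Connector = Callable[[str, int], str]  # (ip, port) -> what was reached (stand-in for a socket)


def is_internal(ip: str) -> bool:
    """True for private, loopback, link-local (incl. 169.254.169.254 metadata),
    reserved and multicast addresses; IPv4-mapped IPv6 is unwrapped first."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast or addr.is_reserved


def fetch_naive(host: str, port: int, resolve: Resolver, connect: Connector) -> str:
    """Vulnerable pattern: validate one lookup, then connect by hostname, which
    triggers a second lookup. The two answers need not match (the TOCTOU window)."""
    if is_internal(resolve(host)):
        raise ValueError("blocked: internal address")
    return connect(resolve(host), port)  # second resolution happens here


def fetch_pinned(host: str, port: int, resolve: Resolver, connect: Connector) -> str:
    """Hardened pattern: resolve once, validate that exact address, connect to it.
    In a real client the hostname is still used for the Host header / TLS SNI,
    and every HTTP redirect target must go through this same path again."""
    ip = resolve(host)
    if is_internal(ip):
        raise ValueError("blocked: internal address")
    return connect(ip, port)


def rebinding_resolver(answers: List[str]) -> Resolver:
    """Constructed DNS behaviour: hand out the answers in order, then repeat the last."""
    state = {"i": 0}

    def resolve(_host: str) -> str:
        ans = answers[min(state["i"], len(answers) - 1)]
        state["i"] += 1
        return ans
    return resolve


def fake_connect(ip: str, port: int) -> str:
    return f"connected to {ip}:{port}"


def demo() -> Dict[str, str]:
    """Both patterns against a constructed answer sequence: public IP first, metadata IP second."""
    rebind = ["93.184.216.34", "169.254.169.254"]
    out = {"naive": fetch_naive("h.example", 80, rebinding_resolver(rebind), fake_connect),
           "pinned": fetch_pinned("h.example", 80, rebinding_resolver(rebind), fake_connect)}
    try:
        fetch_pinned("h.example", 80, rebinding_resolver(["10.0.0.5"]), fake_connect)
        out["direct_internal"] = "allowed"
    except ValueError:
        out["direct_internal"] = "blocked"
    return out
```

The naive path ends up connected to the metadata address even though its check passed; the pinned path connects only to the address it actually validated.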
Recommendations
Update Manager Desktop and Server to version 25.11.1.3086.
Exploit
Fix
SSRF
Time Of Check To Time Of Use
Related Identifiers
Affected Products
Imanager
Manager Desktop
Server Manager