CVE-2025-11566

Name of the Vulnerable Software and Affected Versions versions prior to 2025 (affected versions not specified)

Description An issue exists that allows an attacker on the local network to gain access to a user account by performing an arbitrary number of authentication attempts with different credentials. This is due to improper restriction of excessive authentication attempts. The issue affects the /REST/shutdownnow API endpoint. The credentials variable is subject to abuse.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.