CVE-2025-22918

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Polycom RealPresence Group 500 versions <=20

Description The issue is related to insecure permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.

Recommendations For Polycom RealPresence Group 500 versions <=20, consider disabling the automatic loading of cookies as a temporary workaround until a patch is available. Restrict access to administrator functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-200

Related Identifiers

CVE-2025-22918

Affected Products

Polycom Realpresence Group 500

CVE-2025-22918

Weakness Enumeration

Related Identifiers

Affected Products

References · 4