PT-2025-50311 · Unknown · Mxsecurity Series
Leo Lin
·
Published
2025-12-10
·
Updated
2025-12-10
·
CVE-2025-9315
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MXsecurity Series (affected versions not specified)
Description
An unauthenticated device registration issue exists due to Improperly Controlled Modification of Dynamically-Determined Object Attributes. An attacker can exploit this by sending a crafted JSON payload to the
/api/v1/devices/register endpoint, enabling registration of unauthorized devices without authentication. The vulnerability allows for limited data modification, but does not impact the confidentiality or availability of the device or subsequent systems. The vulnerable parameter is the JSON payload sent to the API endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mxsecurity Series