PT-2025-5380 · Akamai · Akamai Enterprise Application Access
Published: 2025-01-29 · Updated: 2025-02-06 · CVE-2025-24527
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Akamai Enterprise Application Access (EAA) versions prior to 2025-01-17
Description
An issue was discovered in Akamai Enterprise Application Access (EAA). If an administrator knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.
Recommendations
For Akamai Enterprise Application Access (EAA) versions prior to 2025-01-17, consider restricting access to the connector GUID to prevent unauthorized execution of debug commands until a fix is available. As a temporary workaround, limit the ability of administrators to execute debug commands on connectors of other tenants.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Akamai Enterprise Application Access