PT-2025-6250 · Concorde · Concorde

Nexryai · Published 2025-02-11 · Updated 2025-02-11 · CVE-2025-24900

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1
Description: The issue arises from a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, allowing an attacker to bypass MediaProxy authentication. This enables the attacker to load any image without restrictions under certain circumstances. In versions prior to 12.24Q2.3, the vulnerability also bypasses bull-board authentication, potentially leading to significant impacts on availability and integrity.
Recommendations: For versions prior to 12.25Q1.1, update to version 12.25Q1.1 to fix the security flaw. As a temporary workaround, consider restricting access to MediaProxy authentication and the job queue management page (bull-board) until the update is applied. No other effective workarounds are available apart from updating to the patched version.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-24900
GHSA-5HGQ-9VW8-7V87

Affected Products

Concorde