CVE-2025-1100

Name of the Vulnerable Software and Affected Versions Q-Free MaxTime versions less than or equal to 2.11.0

Description The issue is related to a hard-coded password for the root account, allowing an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. This enables the attacker to gain full control of the system.

Recommendations For Q-Free MaxTime versions less than or equal to 2.11.0, update to a version greater than 2.11.0 to resolve the issue. As a temporary workaround, consider disabling SSH access to the root account until a patch is available. Restrict access to the system to minimize the risk of exploitation.