CVE-2025-1102

Name of the Vulnerable Software and Affected Versions Q-Free MaxTime version 2.11.0 and earlier

Description A CWE-346 "Origin Validation Error" in the CORS configuration allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.

Recommendations For Q-Free MaxTime version 2.11.0 and earlier, update to a version later than 2.11.0 to resolve the issue. As a temporary workaround, consider restricting access to the CORS configuration to minimize the risk of exploitation.