PT-2025-7132 · Q Free · Q-Free Maxtime

Andrea Palanca +1 · Published 2025-02-12 · Updated 2025-10-24 · CVE-2025-26343

CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0
Description: A weak authentication issue in the PIN authentication mechanism allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests. This issue affects Q-Free MaxTime, enabling attackers to potentially gain unauthorized access.
Recommendations: For Q-Free MaxTime versions less than or equal to 2.11.0, update to a version greater than 2.11.0 to resolve the issue. As a temporary workaround, consider restricting access to the PIN authentication mechanism to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

CVE-2025-26343

Affected Products

Q-Free Maxtime