{"id":28242,"date":"2025-04-21T10:32:06","date_gmt":"2025-04-21T10:32:06","guid":{"rendered":""},"modified":"2025-05-09T00:19:15","modified_gmt":"2025-05-09T00:19:15","slug":"cve-2025-26741-privilege-escalation-through-missing-authorization-in-aweos-gmbh-email-notifications-for-updates","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-26741-privilege-escalation-through-missing-authorization-in-aweos-gmbh-email-notifications-for-updates\/","title":{"rendered":"CVE-2025-26741: Privilege Escalation through Missing Authorization in AWEOS GmbH Email Notifications for Updates<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-26741 is a high-severity vulnerability that exposes systems to potential compromise or data leakage due to a missing authorization flaw in AWEOS GmbH’s Email Notifications for Updates software. It is a serious issue that can lead to privilege escalation, allowing attackers to gain unauthorized access and control over a system. This vulnerability affects a wide range of users<\/a>, particularly those using versions up to and including 1.1.6 of the AWEOS Email Notifications for Updates software. The severity and potential impact of this vulnerability<\/a> underscore the urgent necessity for immediate patch application and mitigation strategies.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-26741
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Successful exploitation can result in unauthorized system access, privilege escalation<\/a>, system compromise, and data leakage.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n