{"id":38730,"date":"2025-05-16T23:14:43","date_gmt":"2025-05-16T23:14:43","guid":{"rendered":""},"modified":"2025-07-07T23:52:35","modified_gmt":"2025-07-08T05:52:35","slug":"cve-2025-26846-permission-bypass-vulnerability-in-znuny-ticket-system","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-26846-permission-bypass-vulnerability-in-znuny-ticket-system\/","title":{"rendered":"CVE-2025-26846: Permission Bypass Vulnerability in Znuny Ticket System<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the cybersecurity landscape, a new threat has emerged that has potential to compromise systems or lead to data leakage. This vulnerability, identified as CVE-2025-26846, is a major concern particularly for users of Znuny, a popular open-source helpdesk and IT service management (ITSM) solution. The flaw resides in versions of Znuny before 7.1.4 and puts at risk any organization that uses this software to manage their customer support and IT service<\/a> needs.
\nThe vulnerability is significant due to its high CVSS Severity Score of 9.8, indicating that it can have a critical impact on systems<\/a>, and because it bypasses the permission checks when updating ticket metadata. This could allow an attacker to manipulate the system in an unauthorized manner, which can lead to system<\/a> compromise or data leakage if not promptly addressed.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-26846
\nSeverity: Critical – CVSS 9.8
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n