{"id":59391,"date":"2025-07-15T04:11:24","date_gmt":"2025-07-15T04:11:24","guid":{"rendered":""},"modified":"2025-09-16T07:09:07","modified_gmt":"2025-09-16T13:09:07","slug":"cve-2025-25268-unauthenticated-adjacent-attacker-accessing-api-endpoint","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-25268-unauthenticated-adjacent-attacker-accessing-api-endpoint\/","title":{"rendered":"CVE-2025-25268: Unauthenticated Adjacent Attacker Accessing API-Endpoint<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerability and Exposure (CVE) identifier CVE-2025-25268 is a severe security issue that exposes systems to unauthorized modification of configurations. This vulnerability, when exploited, allows an unauthenticated adjacent attacker to send specific requests to an API-endpoint, resulting in read and write access due to missing authentication. It’s a critical concern for any organization that uses affected software<\/a> because it can lead to system compromise or data leakage. The severity of this vulnerability<\/a>, as measured by the Common Vulnerability Scoring System (CVSS), is rated at 8.8, indicating a high level of risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-25268
\nSeverity: High (8.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Unauthenticated access leading to system compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n