{"id":86639,"date":"2026-03-08T18:45:54","date_gmt":"2026-03-08T18:45:54","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-52804-missing-authorization-vulnerability-in-uxper-nuss-leading-to-accessing-functionality-not-properly-constrained-by-acls","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-52804-missing-authorization-vulnerability-in-uxper-nuss-leading-to-accessing-functionality-not-properly-constrained-by-acls\/","title":{"rendered":"CVE-2025-52804: Missing Authorization Vulnerability in uxper Nuss Leading to Accessing Functionality Not Properly Constrained by ACLs<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-52804 is a critical security vulnerability that affects the uxper Nuss software. It stems from an absence of proper authorization that can potentially allow an attacker to access functionalities that are not properly constrained by Access Control Lists (ACLs). This vulnerability is of significant concern as it can lead to a system compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-52804
\nSeverity: High (7.5 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n