CVE Catalog

CVE-2025-51054

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

A vulnerability in Vedo Suite 2024.17 allows unauthenticated remote attackers to obtain a valid high-privilege JWT token by sending an empty HTTP POST request to the /autologin/ endpoint, due to incorrect access control.

Risk Assessment

An attacker can gain full control over the Vedo Suite system, accessing sensitive data and administrative functions without authentication.

Recommendation

Immediately update Vedo Suite to the latest version and enable multi-factor authentication for all administrative accounts.

Original NVD description (English source)

Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS