CVE-2025-24527

8.0 HIGH

📋 TL;DR

In Akamai Enterprise Application Access (EAA) before 2025-01-17, an admin who knows another tenant's 128-bit connector GUID can execute debug commands on that connector. Knowledge of the GUID, rather than ownership of the connector, is what gates the action, so any multi-tenant EAA deployment is exposed to cross-tenant privilege escalation by a tenant admin.

💻 Affected Systems

Products:
  • Akamai Enterprise Application Access (EAA)
Versions: All versions before 2025-01-17
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires multi-tenant deployment with admin users who can obtain other tenants' connector GUIDs.

⚠️ Manual Verification Required

Akamai identifies the fix by a service release date (2025-01-17) rather than a numbered product version, so automatic vulnerability detection cannot determine from a version string whether your tenant is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable: neither the vendor nor NVD has published version ranges, only the fix date.


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

An admin in one tenant runs debug commands on another tenant's connector, which can expose that connector's configuration and the traffic it handles, disrupt the applications it fronts, or serve as a foothold for pivoting into the victim tenant's internal network.

🟠

Likely Case

Unauthorized debug command execution leading to information disclosure, service disruption, or configuration changes in affected connectors.

🟢

If Mitigated

Limited impact due to strict access controls, monitoring, and the requirement for admin credentials plus specific connector GUID knowledge.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires admin credentials and knowledge of another tenant's specific 128-bit connector GUID.
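To make the failure mode concrete, here is an added example (not Akamai's code; EAA's internals are not public) of the authorization pattern the advisory describes, in Python: a debug dispatcher that resolves a connector by GUID alone, beside one that scopes the lookup to the calling admin's tenant. The registry, tenant names, GUIDs and function names are constructed for illustration.

```python
"""Illustrative authorization pattern behind CVE-2025-24527 (added example,
not Akamai code: EAA's internals are not public). It models the bug class
the advisory describes, a connector GUID treated as if it were a capability,
and the fix, scoping the lookup to the caller's tenant. Registry contents,
tenant names, GUIDs and function names are all hypothetical."""
import uuid
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not act on the requested connector."""


@dataclass(frozen=True)
class Connector:
    guid: str        # 128-bit id, stored in canonical lowercase hyphenated form
    tenant_id: str
    name: str


# Constructed registry: two tenants, one connector each.
REGISTRY = {
    c.guid: c
    for c in (
        Connector("0f6c4a8e-1d2b-4c3a-9e8f-7a6b5c4d3e2f", "tenant-a", "dc1-connector"),
        Connector("9b8a7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d", "tenant-b", "hq-connector"),
    )
}


def canonical_guid(raw: str) -> str:
    """Normalise any accepted GUID spelling (upper case, no hyphens, braces)
    to the 36-character lowercase form used as the registry key."""
    return str(uuid.UUID(raw.strip()))


def run_debug_vulnerable(actor_tenant: str, guid: str, command: str) -> str:
    """Vulnerable: the connector is resolved by GUID alone, so whoever knows
    the GUID can run the command. actor_tenant is never consulted."""
    connector = REGISTRY.get(canonical_guid(guid))
    if connector is None:
        raise KeyError("unknown connector")
    return f"[{connector.tenant_id}/{connector.name}] ran {command!r}"


def run_debug_fixed(actor_tenant: str, guid: str, command: str) -> str:
    """Fixed: the lookup is scoped to the caller's tenant. A foreign GUID and
    a nonexistent one produce the same error, so the endpoint is not an
    oracle for guessing other tenants' identifiers."""
    connector = REGISTRY.get(canonical_guid(guid))
    if connector is None or connector.tenant_id != actor_tenant:
        raise Forbidden("no such connector in this tenant")
    return f"[{connector.tenant_id}/{connector.name}] ran {command!r}"


def outcome(dispatcher, actor_tenant: str, guid: str, command: str) -> str:
    """Run a dispatcher and report 'ok:<result>' or 'denied:<reason>'."""
    try:
        return "ok:" + dispatcher(actor_tenant, guid, command)
    except (Forbidden, KeyError) as exc:
        return "denied:" + str(exc)


if __name__ == "__main__":
    # tenant-b's GUID, spelled the way an attacker might paste it
    foreign = "9B8A7C6D5E4F4A3B8C2D1E0F9A8B7C6D"
    print(outcome(run_debug_vulnerable, "tenant-a", foreign, "tcpdump -i any"))
    print(outcome(run_debug_fixed, "tenant-a", foreign, "tcpdump -i any"))
    print(outcome(run_debug_fixed, "tenant-b", foreign, "tcpdump -i any"))
```

The point of the fixed variant is that the tenant is part of the lookup key, not an afterthought: the GUID can stay public-ish without granting anything, and a wrong-tenant request is indistinguishable from a typo, so the endpoint cannot be used to confirm which GUIDs exist.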

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions from 2025-01-17 onward

Vendor Advisory: https://techdocs.akamai.com/eaa/changelog/january-29-2025

Restart Required: No

Instructions:

1. Log into Akamai EAA admin console
2. Navigate to system updates
3. Apply the update dated 2025-01-17 or later
4. Verify update completion in changelog

🔧 Temporary Workarounds

Restrict Admin Access


Limit admin privileges to only essential personnel and implement strict access controls.

Monitor Connector GUID Access


Implement logging and alerting for access to connector GUIDs across tenant boundaries.

🧯 If You Can't Patch

  • Network segmentation around connectors limits what a compromised connector can reach, but it does not block the issue itself: the debug command is issued through the EAA management plane by an authenticated admin, not over the network the connector sits in
  • Enhance monitoring for debug command execution against connectors that the acting admin's tenant does not own

🔍 How to Verify

Check if Vulnerable:

Check EAA version in admin console - if version date is before 2025-01-17, system is vulnerable.

Check Version:

Check Akamai EAA admin console → System Information → Version

Verify Fix Applied:

Confirm EAA version shows 2025-01-17 or later in the changelog or version information.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized debug command execution attempts
  • Cross-tenant connector GUID access patterns
  • Admin actions on non-owned connectors

Network Indicators:

  • Unexpected debug protocol traffic between tenants
  • Anomalous connector communication patterns

SIEM Query (illustrative: the field names are placeholders to be mapped onto the schema of your EAA audit log export, and the cross-tenant condition requires a connector-to-tenant inventory joined in, since the raw event carries only the GUID):

source="eaa" AND (event_type="debug_command" OR connector_access_cross_tenant=true)
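The query above is a sketch. The following added example (not from the advisory or from Akamai) implements the same detection over constructed audit events in Python, and also covers the "Monitor Connector GUID Access" workaround above. EAA's audit export schema is not reproduced here, so the field names (admin, admin_tenant, action, connector_guid) and the sample lines are assumptions; map them to whatever your SIEM ingests.

```python
"""Cross-tenant connector debug detection (added example; event schema,
field names, GUIDs, tenants and sample lines are all constructed, not an
EAA log format). Joins each debug event against a connector inventory and
flags targets owned by a different tenant than the acting admin."""
import json
import uuid
from collections import Counter

# Constructed connector inventory: canonical GUID -> owning tenant.
INVENTORY = {
    "0f6c4a8e-1d2b-4c3a-9e8f-7a6b5c4d3e2f": "tenant-a",
    "9b8a7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d": "tenant-b",
}

# Constructed audit events, one JSON object per line. Note the second line
# spells the GUID in upper case without hyphens; a raw string match on the
# SIEM would miss it.
SAMPLE_LOG = """
{"ts":"2025-01-10T09:00:01Z","admin":"alice","admin_tenant":"tenant-a","action":"connector.debug","connector_guid":"0f6c4a8e-1d2b-4c3a-9e8f-7a6b5c4d3e2f","cmd":"netstat"}
{"ts":"2025-01-10T09:00:07Z","admin":"alice","admin_tenant":"tenant-a","action":"connector.debug","connector_guid":"9B8A7C6D5E4F4A3B8C2D1E0F9A8B7C6D","cmd":"tcpdump"}
{"ts":"2025-01-10T09:00:09Z","admin":"alice","admin_tenant":"tenant-a","action":"connector.debug","connector_guid":"ffffffff-ffff-4fff-8fff-ffffffffffff","cmd":"ls"}
{"ts":"2025-01-10T09:01:00Z","admin":"bob","admin_tenant":"tenant-b","action":"connector.restart","connector_guid":"9b8a7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d"}
{"ts":"2025-01-10T09:02:00Z","admin":"bob","admin_tenant":"tenant-b","action":"connector.debug","connector_guid":"not-a-guid","cmd":"id"}
"""


def normalize_guid(raw):
    """Canonical lowercase hyphenated form, or None if not a 128-bit GUID."""
    try:
        return str(uuid.UUID(raw))
    except (ValueError, AttributeError, TypeError):
        return None


def classify(event, inventory=INVENTORY):
    """Return a finding label for a debug event, or None if it is benign."""
    if not event.get("action", "").startswith("connector.debug"):
        return None
    guid = normalize_guid(event.get("connector_guid"))
    if guid is None:
        return "malformed_guid"          # junk in the target field
    owner = inventory.get(guid)
    if owner is None:
        return "unknown_connector"       # not in inventory: possible GUID probing
    if owner != event.get("admin_tenant"):
        return "cross_tenant_debug"      # the CVE-2025-24527 pattern
    return None


def scan(log_text, inventory=INVENTORY):
    """Parse JSON lines and return one finding dict per suspicious event."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        label = classify(event, inventory)
        if label:
            findings.append({
                "label": label,
                "ts": event.get("ts"),
                "admin": event.get("admin"),
                "admin_tenant": event.get("admin_tenant"),
                "connector_guid": event.get("connector_guid"),
            })
    return findings


def summarize(findings):
    """Count findings per (admin, label): a quick view of who is probing."""
    return Counter((f["admin"], f["label"]) for f in findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(summarize(scan(SAMPLE_LOG)))
```

Two design choices carry over to a real deployment: normalise the GUID before the join, because the attacker controls its spelling, and treat debug commands against GUIDs absent from the inventory as a finding in their own right, since an admin enumerating identifiers will generate them before hitting a valid one.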
