CVE-2025-26370 – This vulnerability allows authenticated low-pri... (How to Fix)

Q: What is the severity of CVE-2025-26370?

CVE-2025-26370 has a CVSS score of 7.1 (HIGH). This vulnerability allows authenticated low-privileged attackers to remove privileges from user groups in Q-Free MaxTime traffic management systems. Attackers can escalate privileges or disrupt operations by modifying group permissions. Organizations using Q-Free MaxTime version 2.11.0 or earlier are affected.

📋 TL;DR

This vulnerability allows authenticated low-privileged attackers to remove privileges from user groups in Q-Free MaxTime traffic management systems. Attackers can escalate privileges or disrupt operations by modifying group permissions. Organizations using Q-Free MaxTime version 2.11.0 or earlier are affected.

💻 Affected Systems

Products:

Q-Free MaxTime

Versions: Versions <= 2.11.0

Operating Systems: Not OS-specific - affects MaxTime application

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all installations running vulnerable versions regardless of configuration.

📦 What is this software?

Maxtime by Q Free

View all CVEs affecting Maxtime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could remove all administrative privileges, causing complete loss of system control and potentially disrupting traffic management operations.

🟠

Likely Case

Attackers would remove specific privileges to gain unauthorized access to sensitive functions or disrupt normal user operations.

🟢

If Mitigated

With proper network segmentation and monitoring, impact would be limited to isolated systems with quick detection and remediation.

🌐 Internet-Facing: MEDIUM - Systems exposed to internet are vulnerable if authentication is bypassed or compromised, but exploitation requires authenticated access.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to escalate privileges and gain unauthorized system access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access but low privilege accounts can exploit. Crafted HTTP requests to specific endpoint needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version > 2.11.0

Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26370

Restart Required: No

Instructions:

1. Contact Q-Free for updated version >2.11.0. 2. Backup current configuration. 3. Apply vendor-provided patch or upgrade. 4. Verify authorization checks in user-group management functions.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to MaxTime administration interfaces to authorized IPs only

Enhanced Monitoring

all

Implement monitoring for user-group privilege modification attempts

🧯 If You Can't Patch

Implement strict network segmentation to isolate MaxTime systems
Enforce principle of least privilege for all user accounts and monitor for privilege changes

🔍 How to Verify

Check if Vulnerable:

Check MaxTime version via admin interface or configuration files. If version <=2.11.0, system is vulnerable.

Check Version:

Check MaxTime web interface admin panel or consult system documentation for version command

Verify Fix Applied:

After patching, test that low-privileged users cannot modify user-group privileges via the affected endpoint.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /maxprofile/user-groups/ endpoints from low-privileged accounts
Unexpected user-group privilege modifications

Network Indicators:

Unusual patterns of HTTP requests to user-group management endpoints

SIEM Query:

source="maxtime" AND (uri_path="/maxprofile/user-groups/" OR event="privilege_change") AND user_privilege="low"

📊 Metadata

CVE ID: CVE-2025-26370

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CWE: CWE-862

EPSS Score: 0.24% exploit probability (47.2th percentile)

Published: February 12, 2025

Last Updated: October 28, 2025

🔗 References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26370 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26370, you might also want to check these: