CVE-2025-26371 – This vulnerability allows authenticated low-pri... (How to Fix)

Q: What is the severity of CVE-2025-26371?

CVE-2025-26371 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated low-privileged attackers to add users to groups in Q-Free MaxTime systems via crafted HTTP requests. It affects Q-Free MaxTime versions up to and including 2.11.0. Attackers could escalate privileges or modify system access controls.

📋 TL;DR

This vulnerability allows authenticated low-privileged attackers to add users to groups in Q-Free MaxTime systems via crafted HTTP requests. It affects Q-Free MaxTime versions up to and including 2.11.0. Attackers could escalate privileges or modify system access controls.

💻 Affected Systems

Products:

Q-Free MaxTime

Versions: ≤ 2.11.0

Operating Systems: Any OS running MaxTime

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to MaxTime web interface. All deployments with vulnerable versions are affected.

📦 What is this software?

Maxtime by Q Free

View all CVEs affecting Maxtime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could add themselves or others to administrative groups, gaining full system control, then pivot to other systems or deploy ransomware.

🟠

Likely Case

Attackers add themselves to privileged groups to bypass access controls, view sensitive data, or modify system configurations.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to the affected MaxTime system with quick detection of unauthorized group modifications.

🌐 Internet-Facing: HIGH if MaxTime web interface is exposed to internet, as authenticated attackers could exploit remotely.

🏢 Internal Only: HIGH as authenticated internal users (including compromised accounts) can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access and knowledge of HTTP request crafting. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 2.11.0

Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26371

Restart Required: No

Instructions:

1. Upgrade MaxTime to version newer than 2.11.0. 2. Verify the patch is applied by checking version. 3. Review user group assignments for unauthorized changes.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to MaxTime web interface to authorized users only using firewall rules or network segmentation.

Enhanced Monitoring

all

Monitor user group modification logs and alert on suspicious activity from low-privileged accounts.

🧯 If You Can't Patch

Implement strict network segmentation to isolate MaxTime systems from critical infrastructure
Enable detailed logging of all user group modifications and implement real-time alerting

🔍 How to Verify

Check if Vulnerable:

Check MaxTime version via web interface or configuration files. If version ≤ 2.11.0, system is vulnerable.

Check Version:

Check MaxTime web interface admin panel or configuration files for version information

Verify Fix Applied:

Verify version is > 2.11.0 and test that low-privileged users cannot add users to groups via HTTP requests.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to user-groups endpoints from low-privileged accounts
Unexpected user group membership changes in audit logs

Network Indicators:

HTTP traffic to /maxprofile/user-groups/ endpoints with POST method from unauthorized sources

SIEM Query:

source="maxtime" AND (uri_path="/maxprofile/user-groups/" AND http_method="POST") AND user_role="low_privilege"

📊 Metadata

CVE ID: CVE-2025-26371

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

EPSS Score: 0.3% exploit probability (53.3th percentile)

Published: February 12, 2025

Last Updated: April 10, 2025

🔗 References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26371 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26371, you might also want to check these: