CVE-2025-30037

Published Aug 27, 2025

Last updated 7 months ago

CVSS high 8.8
Port (443)

Overview

Description
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
Source
cvd@cert.pl
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

cvd@cert.pl
CWE-306

Social media

Hype score
Not currently trending

  1. [CVE-2025-30037: HIGH] Critical vulnerability alert! Endpoints with "/int/" path accessible without authentication. Protect your system by restricting access to internal services now. #cybersecurity#cve,CVE-2025-30037,#cybersecurity https://t.co/WFaebyU6gE https://t.co/voDa441vz3

    @CveFindCom

    27 Aug 2025

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  2. Soliton Systems K.K FileZen OS Command Injection VulnerabilityCVE-2026-25108
  3. Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityCVE-2026-1281
  4. Cisco Multiple Products Improper Input Validation VulnerabilityCVE-2025-20393
  5. A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.CVE-2025-46811

References

Sources include official advisories and independent security research.