Description
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.
This vulnerability has been fixed in version 5.6.3
Published: 2026-04-20
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to sensitive data
Action: Upgrade
AI Analysis

Impact

Fudo Enterprise API endpoints fail to enforce proper authorization, allowing users with limited privileges to retrieve administrative data such as system logs and configuration settings. This flaw provides direct access to sensitive information, compromising confidentiality and potentially exposing operational secrets.

Affected Systems

All installations of Fudo Security Fudo Enterprise running versions 5.5.0 through 5.6.2 are affected. The issue has been fixed in version 5.6.3 and later.

Risk and Exploitability

The vulnerability has a CVSS score of 5.1, indicating moderate severity. It is not listed in the CISA KEV catalog and no EPSS score is available. Exploitation requires an existing user account with non-administrative privileges, so attacks are typically internal or on trusted networks where such accounts exist. The attacker can read logs and configuration settings, but the impact is limited to data disclosure rather than system compromise.

Generated by OpenCVE AI on April 20, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Fudo Enterprise version 5.6.3 or later to receive the official fix.
  • Enforce strict role‑based access controls on API endpoints so only administrators can access logs and configuration data.
  • Monitor API usage for abnormal access patterns to detect and respond to potential misuse of privileges.

Generated by OpenCVE AI on April 20, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
Description Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3
Title Incorrect authorization in Fudo Enterprise
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-04-20T13:28:18.280Z

Reserved: 2025-11-20T14:44:26.478Z

Link: CVE-2025-13480

cve-icon Vulnrichment

Updated: 2026-04-20T13:28:15.072Z

cve-icon NVD

Status : Received

Published: 2026-04-20T10:16:16.060

Modified: 2026-04-20T10:16:16.060

Link: CVE-2025-13480

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T10:30:04Z

Weaknesses