Description
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
Published: 2026-04-15
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized administrative access to Threat Intelligence functionality
Action: Patch immediately
AI Analysis

Impact

An access control flaw allows an authenticated user with only view‑only rights for Threat Intelligence to execute administrative commands, modify rules, and potentially disrupt service availability. The weakness is a classic enforcement failure (CWE‑863).

Affected Systems

The vulnerability affects Nozomi Networks CMC and Guardian products running any version prior to 26.0.0. The flaw resides in the Threat Intelligence module of these platforms.

Risk and Exploitability

The CVSS score of 7.2 reflects a high impact and requires authenticated access. EPSS data is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting low current exploitation activity. The attack path requires valid credentials for a user with view‑only privileges; once authenticated, the user can bypass permission checks and alter configuration or disrupt availability.

Generated by OpenCVE AI on April 15, 2026 at 10:52 UTC.

Remediation

Vendor Solution

Upgrade to v26.0.0 or later.

Vendor Workaround

Remove or revoke access to Threat Intelligence users with view-only privileges until a fix is applied.

OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC or Guardian to version 26.0.0 or later to eliminate the faulty authorization check.
  • If an upgrade cannot be performed immediately, revoke or remove view‑only privileges for all Threat Intelligence users until the patch is applied.
  • Continuously monitor system logs for unauthorized administrative actions on Threat Intelligence components and alert on suspicious activity.

Generated by OpenCVE AI on April 15, 2026 at 10:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
Title Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-863
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nozomi Networks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-04-15T13:20:48.924Z

Reserved: 2025-04-16T09:04:35.922Z

Link: CVE-2025-40897

cve-icon Vulnrichment

Updated: 2026-04-15T13:20:44.927Z

cve-icon NVD

Status : Received

Published: 2026-04-15T09:16:29.777

Modified: 2026-04-15T09:16:29.777

Link: CVE-2025-40897

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T13:49:14Z

Weaknesses