{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14716", "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "state": "PUBLISHED", "assignerShortName": "Secomea", "dateReserved": "2025-12-15T12:39:50.601Z", "datePublished": "2026-03-19T10:52:30.851Z", "dateUpdated": "2026-03-19T13:17:10.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea", "dateUpdated": "2026-03-19T10:52:30.851Z"}, "title": "Unauthorized access to information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "affected": [{"vendor": "Secomea", "product": "GateManager", "modules": ["webserver"], "versions": [{"status": "affected", "version": "11.4;0", "lessThan": "11.5.625504039", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.<p>This issue affects GateManager: 11.4;0.</p>"}]}], "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:17:02.566290Z", "id": "CVE-2025-14716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:17:10.368Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T13:17:02.566290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:17:06.967Z"}}], "cna": {"title": "Unauthorized access to information", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Secomea", "modules": ["webserver"], "product": "GateManager", "versions": [{"status": "affected", "version": "11.4;0", "lessThan": "11.5.625504039", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.", "supportingMedia": [{"type": "text/html", "value": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.<p>This issue affects GateManager: 11.4;0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea", "dateUpdated": "2026-03-19T10:52:30.851Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14716", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:17:10.368Z", "dateReserved": "2025-12-15T12:39:50.601Z", "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "datePublished": "2026-03-19T10:52:30.851Z", "assignerShortName": "Secomea"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0."}], "id": "CVE-2025-14716", "lastModified": "2026-03-19T13:25:00.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}, "published": "2026-03-19T11:16:14.857", "references": [{"source": "VulnerabilityReporting@secomea.com", "url": "https://www.secomea.com/support/cybersecurity-advisory/"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.4;0,11.5.625504039)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GateManager", "source": "cna", "vendor": "Secomea"}, "product": "gatemanager", "vendor": "secomea"}], "analysis": {"en": {"generated_at": "2026-03-19T12:50:41.311496+00:00", "value": {"mitigation_remediation": ["Apply a vendor patch or upgrade Secomea GateManager to a version that resolves the authentication bypass flaw; check the vendor\u2019s advisory for a release date.", "Re\u2011configure the GateManager web interface to require authentication for all administrative functions and disable any anonymous or guest access options.", "Restrict network access to the GateManager management UI using IP whitelisting or firewall rules to limit exposure to trusted hosts."], "summary": {"action": "Patch Now", "impact": "Authentication Bypass / Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The flaw affects Secomea GateManager version 11.4.0, as specified by the CNA\u2019s affected product list. No other product or version information is provided in the CVE data.", "description_and_impact": "An improper authentication flaw in the Secomea GateManager webserver modules allows an attacker to bypass credential checks, granting unauthorized access to the management interface and any resources managed by the system. The vulnerability is classified as CWE-287, identifying it as an authentication bypass weakness. If exploited, an attacker could compromise the confidentiality and integrity of configuration data and potentially perform further actions within the managed environment.", "risk_and_exploitability": "The CVSS score of 6.5 places the vulnerability in the moderate severity range. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog, indicating no known exploitation activity currently. Based on the description, the likely attack vector is through the publicly accessible web interface where authentication is enforced but can be bypassed; however, the exact conditions and prerequisites for exploitation are not detailed in the supplied information."}}}}, "created": "2026-03-20T08:56:57.685790+00:00", "updated": "2026-03-20T14:15:09.203740+00:00", "vendors": ["secomea", "secomea$PRODUCT$gatemanager"]}