Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Q-Free | MaxTime | unaffected |
|
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-4188 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests. |
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 10 Apr 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Q-free
Q-free maxtime |
|
| CPEs | cpe:2.3:a:q-free:maxtime:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Q-free
Q-free maxtime |
Wed, 12 Feb 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 12 Feb 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests. | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2025-02-17T10:11:47.419Z
Reserved: 2025-02-07T09:03:18.090Z
Link: CVE-2025-26376
Vulnrichment
Updated: 2025-02-12T14:11:10.448Z
NVD
Status : Undergoing Analysis
Published: 2025-02-12T14:15:38.777
Modified: 2025-04-10T19:54:07.187
Link: CVE-2025-26376
Redhat
No data.
OpenCVE Enrichment
No data.