{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-24527", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-24T15:25:00.354Z", "dateReserved": "2025-01-23T00:00:00.000Z", "datePublished": "2025-01-29T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Enterprise Application Access", "vendor": "Akamai", "versions": [{"lessThan": "2025-01-17", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025-01-17"}]}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-02-24T15:25:00.354Z"}, "references": [{"url": "https://techdocs.akamai.com/eaa/changelog"}, {"url": "https://techdocs.akamai.com/eaa/changelog/january-29-2025"}], "tags": ["exclusively-hosted-service"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T16:29:47.676007Z", "id": "CVE-2025-24527", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T21:39:29.307Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T16:29:47.676007Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-30T21:39:21.514Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Akamai", "product": "Enterprise Application Access", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-01-17", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://techdocs.akamai.com/eaa/changelog"}, {"url": "https://techdocs.akamai.com/eaa/changelog/january-29-2025"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:akamai:enterprise_application_access:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2025-01-17"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-02-24T15:25:00.354Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24527", "state": "PUBLISHED", "dateUpdated": "2025-02-24T15:25:00.354Z", "dateReserved": "2025-01-23T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-01-29T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Akamai Enterprise Application Access (EAA) antes del 17 de enero de 2025. Si un administrador conoce el GUID del conector de 128 bits de otro inquilino, puede ejecutar comandos de depuraci\u00f3n en ese conector."}], "id": "CVE-2025-24527", "lastModified": "2025-02-24T16:15:14.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-01-29T17:15:29.873", "references": [{"source": "cve@mitre.org", "url": "https://techdocs.akamai.com/eaa/changelog"}, {"source": "cve@mitre.org", "url": "https://techdocs.akamai.com/eaa/changelog/january-29-2025"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}