cbcvebase.
CVE-2025-1102
published 2025-02-12

CVE-2025-1102: A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker…

PriorityP433high7.1CVSS 3.1
AVLACLPRNUIRSUCHIHAN
EPSS
0.14%
3.5th percentile
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.

Affected

8 ranges
VendorProductVersion rangeFixed in
linuxlinux_kernel>= 5.11.0 < 5.15.1985.15.198
linuxlinux_kernel>= 5.16.0 < 6.1.1606.1.160
linuxlinux_kernel>= 5.5.0 < 5.10.2485.10.248
linuxlinux_kernel>= 6.13.0 < 6.17.126.17.12
linuxlinux_kernel>= 6.18.0 < 6.18.16.18.1
linuxlinux_kernel>= 6.2.0 < 6.6.1206.6.120
linuxlinux_kernel>= 6.7.0 < 6.12.626.12.62
q-freemaxtime<= 2.11.0

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.