Manager-Io Manager vulnerabilities
2 known vulnerabilities affecting manager-io/manager.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2025-64180 | P2 | CRITICAL | CVSS 10.0 | CWE-367 | fixed in 25.11.1.3086 | 2025-11-07
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU) condition that allows attackers to bypass network
Source: NVD
CVE-2025-54122 | P2 | CRITICAL | CVSS 10.0 | CWE-918 | fixed in 25.7.21.2525 | 2025-07-21
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation an
Source: NVD