Security Advisory

CVE-2025-22956

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-08 00:00:00

Last updated 2025-09-09 17:32:39

Assigner mitre

State PUBLISHED

Description

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account password for the windomain package.

← Browse all CVEs View on cve.org ↗