Security Advisory

CVE-2025-48741

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-23 00:00:00

Last updated 2025-05-23 21:19:24

Assigner mitre

State PUBLISHED

Description

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the users permissions, through a specific API endpoint.

← Browse all CVEs View on cve.org ↗