Vulnerability Description
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gams | Gams | < 48.7.0 |
Related Weaknesses (CWE)
References
- https://www.gams.com/latest/docs/RN_51.htmlRelease Notes
- https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-gams-gamThird Party Advisory
FAQ
What is CVE-2025-41086?
CVE-2025-41086 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum ...
How severe is CVE-2025-41086?
CVE-2025-41086 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-41086?
Check the references section above for vendor advisories and patch information. Affected products include: Gams Gams.