CVE-2025-48741

Vulnerability Description

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API endpoint.

Related Weaknesses (CWE)

CWE-266

References

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SE

FAQ

What is CVE-2025-48741?

CVE-2025-48741 is a documented vulnerability. A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, c...

How severe is CVE-2025-48741?

CVSS scoring is not yet available for CVE-2025-48741. Check NVD for updates.

Is there a patch for CVE-2025-48741?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.