Severity: High (7.0-8.9)
CVE ID: CVE-2025-8663
Details
This advisory address a vulnerability where users of the administration web or administration API can get sensitive information from the event history.
Problem type: CWE-532
Impact: CAPEC-560
Applicability
This advisory is applicable only when
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
|---|---|---|---|
| upKeeper Manager | 5.0.0 to 5.2.12 | 5.2.13.1 | 2025-07-03 |
Impact
This vulnerability allows users to use information from the event history to access file shares and their files.
Fix
This issue has been fixed by updating upKeeper Manager Client API to 5.2.13.1 version or later.
Acknowledgements
This vulnerability was reported by one of our customers.
Please contact our security team (secure@upkeeper.se) for security related questions and product support (help@upkeeper.se) for questions about our products or services.
Comments
0 comments
Please sign in to leave a comment.