CVE-2025-40897 – Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

CVE ID :CVE-2025-40897

Published : April 15, 2026, 8:18 a.m. | 1 hour, 39 minutes ago

Description :An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…