CVE Catalog

CVE-2025-26201

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile - higher than 41% of all known CVEs

Summary

A credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attacker to bypass authentication and escalate privileges.

Risk Assessment

The organization is at risk of unauthorized access to the warehouse management system, potentially leading to data theft, inventory manipulation, or full application compromise.

Recommendation

Immediately upgrade GreaterWMS to a version later than 2.1.49 where the vulnerability is patched. If an upgrade is not possible, restrict access to the /staff route using a firewall or access control lists.

Original NVD description (English source)

Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS