CVE-2025-26201
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
A credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attacker to bypass authentication and escalate privileges.
Risk Assessment
The organization is at risk of unauthorized access to the warehouse management system, potentially leading to data theft, inventory manipulation, or full application compromise.
Recommendation
Immediately upgrade GreaterWMS to a version later than 2.1.49 where the vulnerability is patched. If an upgrade is not possible, restrict access to the /staff route using a firewall or access control lists.
Original NVD description (English source)
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

