CVE-2025-51054
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
A vulnerability in Vedo Suite 2024.17 allows unauthenticated remote attackers to obtain a valid high-privilege JWT token by sending an empty HTTP POST request to the /autologin/ endpoint, due to incorrect access control.
Risk Assessment
An attacker can gain full control over the Vedo Suite system, accessing sensitive data and administrative functions without authentication.
Recommendation
Immediately update Vedo Suite to the latest version and enable multi-factor authentication for all administrative accounts.
Original NVD description (English source)
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.

