{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-56015", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T14:13:14.874Z", "dateReserved": "2025-08-16T00:00:00.000Z", "datePublished": "2026-04-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-07T19:20:28.344Z"}, "descriptions": [{"lang": "en", "value": "In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/genieacs/genieacs/"}, {"url": "https://github.com/e1st/CVE-2025-56015"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:10:39.278930Z", "id": "CVE-2025-56015", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:13:14.874Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-56015", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:10:39.278930Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:13:09.355Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/genieacs/genieacs/"}, {"url": "https://github.com/e1st/CVE-2025-56015"}], "descriptions": [{"lang": "en", "value": "In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-07T19:20:28.344Z"}}}, "cveMetadata": {"cveId": "CVE-2025-56015", "state": "PUBLISHED", "dateUpdated": "2026-04-09T14:13:14.874Z", "dateReserved": "2025-08-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genieacs:genieacs:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "941E4964-CBF1-4A75-A497-5B93DC9A0E25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint."}], "id": "CVE-2025-56015", "lastModified": "2026-04-10T19:02:30.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T20:16:22.790", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/e1st/CVE-2025-56015"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/genieacs/genieacs/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.2.13"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "genieacs", "vendor": "genieacs"}], "analysis": {"en": {"generated_at": "2026-04-09T16:54:11.469981+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2013issued patch or update GenieACS to a version that resolves the unauthenticated access flaw.", "If an immediate update is not possible, restrict external traffic to the NBI API endpoint using firewall rules or network segmentation so that only trusted hosts can reach it.", "After remediation, verify that the endpoint requires authentication by testing that unauthenticated requests are rejected."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access to API"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the GenieACS management platform on version 1.2.13. No other products or vendors are listed as impacted in the available data.", "description_and_impact": "GenieACS version 1.2.13 contains an unauthenticated access vulnerability in its NBI API endpoint that allows an attacker to send API requests without credentials. The flaw could enable unauthorized configuration changes, device provisioning, or denial\u2011of\u2011service actions, and is classified as a missing access control weakness (CWE\u2011284).", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity. However, the EPSS score is below 1 % and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation at present. The attack vector is inferred to be remote because the NBI API can be accessed over a network without authentication, allowing an attacker to reach the endpoint from any reachable host."}}}}, "created": "2026-04-08T19:38:37.597573+00:00", "updated": "2026-04-10T09:41:45.770631+00:00", "vendors": ["genieacs", "genieacs$PRODUCT$genieacs"]}