CVE-2025-40897
Published: 15 April 2026
Summary
CVE-2025-40897 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Nozomi Networks products (vendor inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 24.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-40897 is an access control vulnerability (CWE-863) in the Threat Intelligence functionality of Nozomi Networks products. The issue arises from a specific access restriction not being properly enforced for users with view-only privileges, allowing them to perform administrative actions. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and was published on 2026-04-15.
An authenticated attacker possessing view-only privileges for the Threat Intelligence functionality can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation enables the attacker to conduct administrative actions, such as altering the rules configuration or impacting the functionality's availability, resulting in high integrity and availability impacts.
Mitigation details are available in the vendor advisory at https://security.nozominetworks.com/NN-2026:1-01.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209469
Vulnerability details
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
- CWE(s): CWE-863 (Incorrect Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Access control bypass (CWE-863) lets authenticated view-only users perform administrative actions such as configuration and rule changes, which maps directly to Exploitation for Privilege Escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces approved access authorizations, preventing view-only users from performing unauthorized administrative actions on the Threat Intelligence functionality.
- AC-6 (Least Privilege): restricts view-only users from accessing or executing administrative functions that alter rules or impact availability.
- Enforces logical access restrictions specifically for configuration changes, mitigating unauthorized alterations to Threat Intelligence rules.
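The following is an added, hypothetical illustration of the CWE-863 pattern this advisory describes and of the AC-3 / AC-6 controls listed above; it is not Nozomi Networks code, and every name in it (Role, Action, ThreatIntelService, handle_insecure, handle) is invented. The insecure handler checks only that the caller is logged in, so a view-only user reaches the administrative actions; the hardened handler enforces an explicit per-role allow-list on every action and logs denials so that repeated attempts from view-only accounts are visible to monitoring.

```python
"""Deny-by-default authorization for a threat-intelligence rules service.

Hypothetical example, not Nozomi Networks code: it illustrates the CWE-863
pattern in the advisory (an authenticated view-only user reaching
administrative actions) and the AC-3 / AC-6 fix of an explicit allow-list.
All names (Role, Action, ThreatIntelService, ...) are invented.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    VIEWER = "view-only"
    ADMIN = "admin"


class Action(Enum):
    VIEW_RULES = "view_rules"
    UPDATE_RULES = "update_rules"   # administrative: alters the rules configuration
    DISABLE_FEED = "disable_feed"   # administrative: affects availability


# Explicit allow-list per role. Anything not listed is denied, so an
# administrative action added later is closed to viewers by default (AC-6).
PERMISSIONS = {
    Role.VIEWER: frozenset({Action.VIEW_RULES}),
    Role.ADMIN: frozenset({Action.VIEW_RULES, Action.UPDATE_RULES, Action.DISABLE_FEED}),
}


@dataclass
class User:
    name: str
    role: Role
    authenticated: bool = True


@dataclass
class ThreatIntelService:
    # Constructed sample state: one rule and an enabled feed.
    rules: list = field(default_factory=lambda: ["block-known-c2"])
    feed_enabled: bool = True
    audit_log: list = field(default_factory=list)

    def _apply(self, action, payload):
        """Perform the action; callers are responsible for authorizing first."""
        if action is Action.VIEW_RULES:
            return list(self.rules)
        if action is Action.UPDATE_RULES:
            self.rules = list(payload)
            return list(self.rules)
        if action is Action.DISABLE_FEED:
            self.feed_enabled = False
            return self.feed_enabled
        raise ValueError(f"unknown action {action}")


def handle_insecure(svc, user, action, payload=None):
    """Vulnerable pattern: authentication is checked, authorization is not.
    Any logged-in user, a viewer included, can change rules or disable the feed."""
    if not user.authenticated:
        raise PermissionError("login required")
    return svc._apply(action, payload)


def handle(svc, user, action, payload=None):
    """Hardened pattern: enforce the role's allow-list on every action (AC-3).
    Denials are written to an audit log so repeated attempts can be detected."""
    if not user.authenticated:
        raise PermissionError("login required")
    allowed = PERMISSIONS.get(user.role, frozenset())
    if action not in allowed:
        svc.audit_log.append(
            f"DENY user={user.name} role={user.role.value} action={action.value}"
        )
        raise PermissionError(f"{user.role.value} may not {action.value}")
    return svc._apply(action, payload)


if __name__ == "__main__":
    viewer = User("viewer1", Role.VIEWER)
    broken = ThreatIntelService()
    handle_insecure(broken, viewer, Action.UPDATE_RULES, ["allow-all"])
    print("insecure handler let a viewer set rules to", broken.rules)
    fixed = ThreatIntelService()
    try:
        handle(fixed, viewer, Action.UPDATE_RULES, ["allow-all"])
    except PermissionError as exc:
        print("hardened handler refused:", exc)
    print("rules unchanged:", fixed.rules, "audit:", fixed.audit_log)
```

The design point is that the check lives in one place and is keyed on the action, not on the UI path that reached it; a view-only account that reaches the rule-update endpoint by any route is still denied, and the denial leaves an audit record.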