CVE-2025-0352

High

Published: 20 February 2025

Published

20 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0010 27.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.

Security Summary

CVE-2025-0352 is a vulnerability in the API used by the Rapid Response Monitoring My Security Account App. An attacker can exploit the API by modifying request data, which may cause it to return information about other users. Published on 2025-02-20, the issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is linked to CWE-639 (Authorization Bypass Through User-Controlled Key).

The vulnerability enables remote, unauthenticated attackers to exploit it over the network with low complexity and no user interaction required. Successful exploitation results in high-impact confidentiality violations, allowing access to other users' information without affecting integrity or availability.

Mitigation guidance is available in CISA ICS Advisory ICSA-25-051-05 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-05. Additional support can be obtained by contacting Rapid Response Monitoring at https://www.rrms.com/contact-us/.

Details

CWE(s): CWE-639

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-05
ics-cert@hq.dhs.gov
https://www.rrms.com/contact-us/
ics-cert@hq.dhs.gov