CVE-2025-15070

Vulnerability

Overview

CVE-2025-15070 is an authorization bypass vulnerability in Gmission Web Fax, affecting versions from 3.0 before 3.0.1. The software is a network-based fax solution for sending and receiving fax documents, managing fax info, and handling shared and personal fax inboxes [1]. The root cause is missing authorization checks, which allows an unauthenticated or unauthorized actor to access sensitive information [1].

Exploitation and

Attack Surface

This vulnerability can be exploited over the network without requiring authentication, as the description indicates 'Authentication Abuse' and 'Missing Authorization' [1]. An attacker who can reach the application can abuse the lack of proper access controls to access data that should be protected [1]. The attack vector is likely simple, as no special privileges are needed to initiate the exploit [1].

Impact

An attacker exploiting this flaw can gain unauthorized access to sensitive information, such as fax documents, fax management data, and personal or shared fax inbox contents [1]. This can lead to leakage of confidential communications and compromise of user privacy. The CVSS v3 score of 5.5 (Medium) reflects the potential for significant information disclosure [1].

Mitigation

The vulnerability is fixed in Web Fax version 3.0.1 and later [1]. Users should upgrade to the patched version immediately. There are no known workarounds; applying the update is the only reliable way to remediate the issue [1]. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date [1].