Unrated severityNVD Advisory· Published Jul 21, 2025· Updated Jul 22, 2025

CVE-2025-43720

Description

Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile.

Affected products

Headwind/MDMdescription
Headwind MDM/Headwind MDMllm-create
Range: <5.33.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8mitre
github.com/h-mdm/hmdm-server/compare/v5.32.1...v5.33.1mitre
www.periculo.co.uk/cyber-security-blog/how-our-pen-tester-found-a-critical-vulnerability-cve-2025-43720mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000