ExtremeCloud Universal ZTNA Improper Authorization

Vulnerability

A syntax error in the searchKeyword condition within ExtremeCloud Universal ZTNA causes queries to bypass the owner_id filter. This vulnerability allows users to search data across the entire table instead of being restricted to their specific owner_id. Affected versions include all releases prior to 25.2.0 patch 2. [1]

Exploitation

An attacker requires a valid user account on the ExtremeCloud Universal ZTNA platform. By crafting a search query with a malformed searchKeyword condition, the owner_id filter is bypassed, enabling the attacker to access data belonging to other users across the table. No additional privileges or user interaction are required beyond authentication. [1]

Impact

Successful exploitation permits an authenticated user to view sensitive data of other users across the entire table, resulting in unauthorized information disclosure and a breach of confidentiality. The attacker can access data not intended for their role, potentially compromising the privacy of other users. [1]

Mitigation

The vulnerability is fixed in ExtremeCloud Universal ZTNA version 25.2.0 patch 2 and later. Users should upgrade to this version or later to remediate the issue. The classic UI is being retired in Q4 of 2025, but no customer action is required for that change. [1]