Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Fudo Enterprise software
20 April 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2025-13480
Publication date 20 April 2026
Vendor Fudo Security
Product Fudo Enterprise
Vulnerable versions From 5.5.0 through 5.6.2
Vulnerability type (CWE) Incorrect Authorization (CWE-863)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in Fudo Enterprise software and participated in coordination of its disclosure.

The vulnerability CVE-2025-13480: Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.

This vulnerability has been fixed in version 5.6.3

Credits

We thank Fudo Security company for reporting the vulnerability.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.