Vulnerability DatabaseCVE-2025-26846

CVE-2025-26846:
Linux Debian vulnerability analysis and mitigation

Overview

A security vulnerability identified as CVE-2025-26846 was discovered in Znuny, affecting all versions from LTS 6.5.1 through 6.5.11, versions 7.0.1 through 7.1.3, and all versions of LTS 6.0. The vulnerability was disclosed on February 12, 2025, and involves incorrect permissions checking in the generic interface, allowing ticket attributes to be changed with 'ro' (read-only) permission (Znuny Advisory).

Technical details

The vulnerability is classified with a medium priority and relates to improper permission validation in the generic interface of Znuny. The issue specifically involves a wrong permissions check that allows modification of ticket attributes even with read-only permissions (Ubuntu Security, Debian Tracker).

Impact

The vulnerability allows unauthorized modification of ticket attributes in the system, potentially compromising the integrity of ticket data when users with read-only permissions can make changes they shouldn't be allowed to perform (Znuny Advisory).

Mitigation and workarounds

The issue has been addressed in newer versions of the software. Users are recommended to upgrade to patched versions. For Debian systems, fixed versions are available in trixie/non-free and sid/non-free with version 6.5.14-1 (Debian Tracker).