CVE-2022-25508: Improper Authentication in FreeTAKServer

March 12, 2022 (updated September 20, 2024)

FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. There is currently no known workaround. This issue was fixed in version 1.9.8.5.

References

github.com/FreeTAKTeam/FreeTakServer
github.com/FreeTAKTeam/FreeTakServer/issues/291
github.com/advisories/GHSA-hggv-mcp4-vxc5
github.com/pypa/advisory-database/tree/main/vulns/freetakserver/PYSEC-2022-43054.yaml
nvd.nist.gov/vuln/detail/CVE-2022-25508

Detect and mitigate CVE-2022-25508 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →