{"id":12455,"date":"2025-06-12T13:26:58","date_gmt":"2025-06-12T11:26:58","guid":{"rendered":"https:\/\/clue.ch\/?p=12455"},"modified":"2025-06-12T16:07:40","modified_gmt":"2025-06-12T14:07:40","slug":"clue-deckt-auf-kritische-cve-entdeckt","status":"publish","type":"post","link":"https:\/\/clue.de\/en\/blog\/clue-discovers-critical-cve-identified\/","title":{"rendered":"CLUE Discovers: Critical CVE Identified"},"content":{"rendered":"\ufeff<\/span>\r\n

A few weeks ago, a customer approached us with the request to secure a business-critical application with our Managed Application Protection<\/a> Service. CLUE pursues a multi-level, risk-based approach that differs significantly from the industry standard: Before an application is integrated into our security infrastructure, we carry out a comprehensive attack surface analysis. This initial assessment enables us to define protection mechanisms that are precisely tailored to the target architecture – instead of being based on generic rule sets, as used in many standard market solutions.<\/p>\r\n\r\n\r\n\r\n

As part of the preliminary analysis, our security specialist Manuel Walder has identified a serious vulnerability in the application’s data flow.  CVE\u20112025\u20112407 (CVSS 9.3)<\/strong> affects the Mobatime AMX MTAPI version 6, which is operated on IIS. Due to the lack of authentication and authorization controls in the Web API, an attacker can gain unrestricted access to all API functions.<\/strong><\/p>\r\n\r\n\r\n\r\n

What is particularly critical is that conventional security solutions cannot detect or eliminate the vulnerability. The cause lies in the business logic of the application – an area that conventional protection mechanisms often do not cover.<\/strong><\/p>\r\n\r\n\r\n\r\n

After identifying the vulnerability, CLUE worked closely with the affected customer, the software manufacturer and the National Cyber Security Center (NCSC). The vulnerability was carefully validated and communicated in a coordinated disclosure process. This intensive collaboration resulted in the official allocation of the identifier CVE-2025-2407<\/strong><\/a> and ensured that both technical and regulatory requirements were met – to protect all affected users. The entire process clearly shows that effective protection requires, above all, a deep understanding of the real risks.<\/p>\r\n\r\n\r\n\r\n

Conclusion: Protection Begins with Awareness<\/strong><\/h3>\r\n\r\n\r\n\r\n

This incident illustrates how deceptive trust in security solutions can be when they are implemented without contextual knowledge. CLUE therefore consistently relies on a combined approach:<\/p>\r\n\r\n\r\n\r\n