Primary

Context

Proget MDM Password Retrieval Vulnerability for Managed Devices

Vulnerability

A vulnerability in Proget Mobile Device Management (MDM) allows low-privileged users to retrieve passwords for managed devices, enabling access to functionalities restricted by the MDM. To exploit this vulnerability, users must know the UUIDs of the targeted devices, which can be obtained by exploiting related vulnerabilities, CVE-2025-1415 or CVE-2025-1417. This issue affects all Proget versions prior to 2.17.5.

Impact

Successful exploitation allows low-privileged users to access passwords for managed devices, bypassing MDM restrictions and potentially compromising device security.

Remediation

Users can update to Proget version 2.17.5 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Proget MDM Password Retrieval Vulnerability for Managed Devices

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating