Client-Side Enforcement of Server-Side Security (CWE-602)... · CVE-2025-41402 · GitHub Advisory Database · GitHub

Client-Side Enforcement of Server-Side Security (CWE-602)...

Moderate severity Unreviewed Published Oct 23, 2025 to the GitHub Advisory Database • Updated Oct 23, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks.

This issue affects Command Centre Server:

9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), all versions of 9.00 and prior.

References

Published by the National Vulnerability Database

Oct 23, 2025

Published to the GitHub Advisory Database Oct 23, 2025

Last updated Oct 23, 2025

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N