HIGH 7.5 PyPI
Improper Authentication in FreeTAKServer
GHSA-hggv-mcp4-vxc5 · CVE-2022-25508 · PYSEC-2022-43054
Published · Modified
Description
FreeTAKServer is an open source, lightweight server for connecting TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) by creating an unusually large number of routes, or to create unsafe or false routes for legitimate users. There is currently no known workaround. This issue was fixed in version 1.9.8.5.
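For deployments that cannot move to 1.9.8.5 immediately, the route-flooding pattern described above can be watched for in access logs. The following is an added example, not code from the advisory or from the FreeTAKServer project: it counts accepted requests to /ManageRoute/postRoute per client in a sliding window. It assumes a reverse proxy in front of the API writes common/combined log format in time order, that route creation uses POST, and that the threshold and window shown are placeholders to tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ROUTE_PATH = "/ManageRoute/postRoute"  # endpoint named in the advisory
# Assumption: common/combined log format written by a fronting reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def route_creation(line):
    """Return (ip, timestamp) for an accepted POST to ROUTE_PATH, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or not m["status"].startswith("2"):
        return None
    if m["path"].split("?", 1)[0] != ROUTE_PATH:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def route_creation_bursts(lines, max_requests=5, window=timedelta(seconds=60)):
    """Return {ip: peak count} for clients exceeding max_requests in any window."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peaks = {}
    for line in lines:
        hit = route_creation(line)
        if hit is None:
            continue
        ip, ts = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    lines = [
        f'203.0.113.7 - - [10/Mar/2022:12:00:{s:02d} +0000] "POST {ROUTE_PATH} HTTP/1.1" 200 17'
        for s in range(0, 40, 2)   # 20 route creations in under 40 seconds
    ]
    lines.append(f'198.51.100.4 - - [10/Mar/2022:12:00:05 +0000] "POST {ROUTE_PATH} HTTP/1.1" 200 17')
    lines.append('198.51.100.4 - - [10/Mar/2022:12:00:09 +0000] "GET / HTTP/1.1" 200 88')
    return lines

if __name__ == "__main__":
    for ip, peak in route_creation_bursts(sample_log()).items():
        print(f"{ip}: {peak} route creations within the window")
```

This covers only the volume-based DoS case; a single false route created by an unauthenticated client will not trip a rate threshold, which is why upgrading to the fixed version remains the remedy.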