CVE-2025-26201: Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenti...
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
Security readout for executives and security teams
Plain-English summary
CVE-2025-26201 is a critical credential disclosure issue reported in GreaterWMS <= 2.1.49. An unauthenticated remote attacker may obtain staff credentials through the /staff route, enabling authentication bypass and privilege escalation. The sources do not identify a confirmed vendor patch or active exploitation.
Executive priority
Treat this as urgent for any exposed GreaterWMS environment. The reported impact is credential disclosure leading to privilege escalation, which can compromise business operations and data integrity. Prioritize inventory, exposure reduction, credential rotation, and vendor guidance tracking.
Technical view
The CVE describes a network-accessible, low-complexity flaw with no required privileges or user interaction. CVSS 3.1 score is 9.1, with high confidentiality and integrity impact and no availability impact. Structured affected metadata is incomplete, but the title and description identify GreaterWMS <= 2.1.49.
Likely exposure
Organizations running internet-facing or broadly reachable GreaterWMS deployments at version 2.1.49 or earlier are the likely exposure group. Exposure is harder to confirm from the CVE metadata because vendor, product, CPE, and affected-version fields are listed as n/a.
Exploitation context
The source bundle does not show CISA KEV listing or cite confirmed active exploitation. Public references include a GitHub CVE writeup and a GreaterWMS issue, so defenders should assume the issue is publicly known without claiming exploitation is underway.
Researcher notes
Evidence is strong for severity and attack preconditions from the CVE record, but incomplete for affected metadata, patch status, and exploitation in the wild. Avoid over-scoping beyond GreaterWMS <= 2.1.49 until the project or CVE record provides clearer affected-product data.
Mitigation direction
Identify all GreaterWMS deployments and confirm their versions.
Check the GreaterWMS project issue and vendor guidance for an official fix.
Restrict external access to staff and administrative routes where feasible.
Review and rotate potentially exposed staff credentials.
Add monitoring for unauthenticated access attempts to sensitive routes.
Validation and detection
Confirm whether any deployment runs GreaterWMS 2.1.49 or earlier.
Verify that staff routes are not publicly reachable without intended controls.
Review web access logs for suspicious unauthenticated staff-route activity.
Confirm remediation against current GreaterWMS project guidance.
Document any compensating controls used before a vendor fix.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-294: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
3Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: noTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-294 · source CWE mapping
Authentication Bypass by Capture-replay
Authentication Bypass by Capture-replay represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.