CVE-2025-48741 Information

Description

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16 5.3.0 before 5.3.11 and 5.4.0 before 5.4.10 allows remote authenticated and unprivileged users to retrieve alerts cases logs observables or tasks regardless of the user’s permissions through a specific API endpoint.

Reference

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-004.md