Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: 3.0

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Gmission
  • Web Fax

Configuration 1 [-]

cpe:2.3:a:gmission:web_fax:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.gmission.co.kr/fax1 cve-icon cve-icon
History

Fri, 09 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 4.0. Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: 3.0

Wed, 07 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Gmission
Gmission web Fax
CPEs cpe:2.3:a:gmission:web_fax:*:*:*:*:*:*:*:*
Vendors & Products Gmission
Gmission web Fax

Mon, 29 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 29 Dec 2025 05:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 4.0.
Title Account Takeover in Gmission Web FAX
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: FSI

Published: 2025-12-29T05:05:42.777Z

Updated: 2026-01-08T23:57:12.523Z

Reserved: 2025-12-24T04:53:24.530Z

Link: CVE-2025-15068

cve-icon Vulnrichment

Updated: 2025-12-29T17:36:52.364Z

cve-icon NVD

Status : Modified

Published: 2025-12-29T06:15:51.533

Modified: 2026-01-09T00:15:43.773

Link: CVE-2025-15068

cve-icon Redhat

No data.