#VU111079 Improper authentication in Qlik Alerting - CVE-2025-31509

 


Published: June 11, 2025


Vulnerability identifier: #VU111079
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-31509
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Qlik Alerting
Software vendor: QlikTech International AB

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the authentication process. A remote unauthenticated attacker can bypass basic authentication and gain unauthorized access to the server.

Successful exploitation of the vulnerability may result in full system compromise. 


Remediation

Install updates from the vendor's website.
