CVE-2022-25787— GTA URLs issued by LMM WEB API may leak information

CVSS 7.5 · High EPSS 0.06% · P19 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25787

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

GTA URLs issued by LMM WEB API may leak information

Source: NVD (National Vulnerability Database)

Vulnerability Description

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过GET请求中的查询字符串导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Secomea GateManager 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Secomea GateManager是丹麦Secomea公司的一款远程访问服务器产品。 Secomea GateManager 9.7 之前的所有版本存在安全漏洞，该漏洞源于 LMM API 的 GET 请求中的查询字符串信息暴露，允许系统管理员劫持连接。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Secomea	GateManager	all ~ 9.7	-

II. Public POCs for CVE-2022-25787

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-25787

请登录查看更多情报信息。

Same Patch Batch · Secomea · 2022-05-04 · 11 CVEs total

CVE-2022-25784	9.1 CRITICAL	User controllable HTML element attribute (potential XSS)
CVE-2022-25785	6.6 MEDIUM	Buffer overrun
CVE-2021-32010	5.6 MEDIUM	Clients may connect to a GateManager with TLS 1.0
CVE-2022-25782	5.4 MEDIUM	Insufficient privilege checks on object access and updates.
CVE-2022-25786	4.9 MEDIUM	GateManager debug interface is included in production builds
CVE-2022-25779	4.3 MEDIUM	Insufficient scope checks allows adding unrelated audit log entries
CVE-2022-25780	4.3 MEDIUM	Information leak via device availability query function
CVE-2022-25783	4.3 MEDIUM	Hacking attempts from logged-in users are not properly logged by GM
CVE-2022-25778	4.2 MEDIUM	Unload handlers may unintentionally defeat CSRF guards
CVE-2022-25781	4.2 MEDIUM	Reflected XSS issues in GateManager

IV. Related Vulnerabilities

Same product: GateManager

Same vendor: Secomea

Same weakness: CWE-598

V. Comments for CVE-2022-25787

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-25787— GTA URLs issued by LMM WEB API may leak information

I. Basic Information for CVE-2022-25787

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-25787

III. Intelligence Information for CVE-2022-25787

Same Patch Batch · Secomea · 2022-05-04 · 11 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-25787

Leave a comment