Jamf Pro 11.24.0 Security Bulletin: CVE-2025-55752, Broken Access Control, and XSS Fixes

From this webpage screenshot, the following key vulnerability information can be obtained: Resolved Issues Jamf Pro Server: Security Issues CVE-ID Issues: Fixed access control and cross-site scripting vulnerabilities. - [PI141230]: Broken access control vulnerability. - [PI144027]: Broken access control vulnerability. - [PI144208]: Cross-site scripting vulnerability. - [PI144322]: Broken access control vulnerability (CVE-2025-55752). Jamf Pro Server Identity Provider Integration: Fixed issues related to pre-filling Full Name fields during enrollment. MDM Command Handling: Resolved issues where commands were not appearing in Change Management logs. Configuration Profile Command Logs: Corrected incorrect logging of command statuses. MDM Command Visibility: Fixed visibility of specific commands such as Device Lock and Enable Lost Mode. Configuration Profile Redistributing: Resolved unexpected redistribution of profiles after inventory updates. File Upload Issues: Fixed issues where uploads were closing prematurely. JCD Service Uploads: Addressed problems with special characters in file names. Configuration Profiles with JSON Dependencies: Corrected handling of multiple conditions. Change Management Log Details: Fixed display of empty modal for recent policy changes. User Session Stability: Resolved random session terminations and forced logouts. “Activation Lock API endpoint”: Fixed issue where activation lock was not clearing. Classic API Endpoint for Patch Software Titles: Fixed 500 Internal Server Error. This document summarizes significant security and functional fixes included in the Jamf Pro 11.24.0 release.

Goal Reached Thanks to every supporter — we hit 100%!

Jamf Pro 11.24.0 Security Bulletin: CVE-2025-55752, Broken Access Control, and XSS Fixes