Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0556

In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.

Published

2025-02-12T16:15:43.030

Last Modified

2025-02-20T20:41:40.723

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	telerik_report_server	< 11.0.25.211	Yes

References

https://docs.telerik.com/report-server/knowledge-base/kb-security-cleartext-transmission-cve-2025-0556 Vendor Advisory ([email protected])