Vulnerability Details CVE-2025-43720
Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.6%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-43720
-
cpe:2.3:a:h-mdm:headwind_mdm:5.22.1
-
cpe:2.3:a:h-mdm:headwind_mdm:5.27.2
-
cpe:2.3:a:h-mdm:headwind_mdm:5.28.1
-
cpe:2.3:a:h-mdm:headwind_mdm:5.29.1
-
cpe:2.3:a:h-mdm:headwind_mdm:5.30.1
-
cpe:2.3:a:h-mdm:headwind_mdm:5.30.3
-
cpe:2.3:a:h-mdm:headwind_mdm:5.31.1
-
cpe:2.3:a:h-mdm:headwind_mdm:5.32.1