What is CVE-2025-22289?

A medium-severity Missing Authorization vulnerability in Eniture's LTL Freight Quotes – Unishippers Edition could allow unauthorized access. Organizations should address this issue to maintain secure access control levels.

What is the severity of CVE-2025-22289?

CVE-2025-22289 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-22289 | Medium Vulnerability in Eniture LTL Freight Quotes

CVE-2025-22289 describes a Missing Authorization vulnerability in Eniture's LTL Freight Quotes – Unishippers Edition. This vulnerability allows exploiting incorrectly configured access control security levels, potentially exposing sensitive functionalities to unauthorized users. The severity of this vulnerability is classified as medium, with a CVSS score of 6.5.

The vulnerability affects all versions of LTL Freight Quotes – Unishippers Edition up to and including 2.5.8. Organizations utilizing this plugin should be aware of the real-world risks associated with this vulnerability, which include unauthorized access and potential data breaches.

As of now, no known exploits specifically targeting this vulnerability have been reported. However, the possibility of exploitation exists due to the incorrect access control configuration.

Organizations should prioritize remediation efforts for this vulnerability to ensure the security and integrity of their systems.

Vulnerability Details

The official description of this vulnerability states that it arises from missing authorization checks in the affected plugin. The CVSS score of 6.5 indicates a medium severity level, suggesting that exploitation could have moderate consequences.

The affected product is the LTL Freight Quotes – Unishippers Edition, developed by Eniture. The vulnerability was first published on February 16, 2025. The associated CWE classification for this vulnerability is CWE-862, which pertains to missing authorization.

Technical Analysis

The root cause of this vulnerability lies in the failure to implement proper authorization checks, allowing unauthorized users to access functionalities that should be restricted. The attack vector for this vulnerability is network-based, meaning that an attacker could potentially exploit the issue remotely.

The attack complexity is low, as no special conditions or privileges are required for exploitation. Additionally, user interaction is not necessary, making it easier for an attacker to exploit the vulnerability. The impacts on confidentiality are minimal, while integrity and availability are rated as low.

Risk & Impact Analysis

The lack of authorization checks in this plugin presents a significant risk to organizations using the LTL Freight Quotes – Unishippers Edition. Attackers may leverage this vulnerability to gain unauthorized access to critical functionalities, potentially leading to data leaks or unauthorized actions.

The urgency for organizations to address this vulnerability is moderate. Given the CVSS score of 6.5, remediation should be planned in the next patch cycle to avoid exploitation.

The potential blast radius includes all users of the affected plugin, which could lead to widespread data exposure if not addressed promptly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

This vulnerability affects the LTL Freight Quotes – Unishippers Edition plugin versions up to and including 2.5.8. Organizations should upgrade to version 2.5.9 or later to mitigate this issue.

Mitigation & Remediation

To remediate this vulnerability, organizations should update the LTL Freight Quotes – Unishippers Edition plugin to the latest version. If immediate patching is not feasible, organizations can consider implementing access controls and monitoring to limit exposure.

For comprehensive security practices, organizations should engage in penetration testing to identify and address similar vulnerabilities.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual access patterns and unauthorized changes to configurations. Additionally, security teams should look for behavioral anomalies indicative of unauthorized access attempts.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-22289 lies in its representation of access control vulnerabilities, which remain a common issue in many applications. Security teams should take this opportunity to review and strengthen their access control mechanisms.

Organizations should also consider adopting a proactive approach by conducting regular security assessments and implementing best practices for secure coding. This vulnerability highlights the importance of thorough testing and regular updates.

For more insights on security practices, organizations can refer to vulnerability management programs and ongoing security assessments to enhance their defenses.

Finally, by staying informed about emerging vulnerabilities like CVE-2025-22289, organizations can better prepare to defend against future threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-22289: Medium Vulnerability in Eniture LTL Freight Quotes