PatchSiren

CVE-2025-21092 GMOD CVE debrief

CVE-2025-21092 is a medium-severity authorization issue in GMOD Apollo. CISA states that the product does not have sufficient logical or access checks when updating a user's information, which could allow an attacker to escalate privileges for themselves or others. The affected range is GMOD Apollo versions prior to 2.8.0, and the vendor remediation is to update to version 2.8.0.

Vendor: GMOD
Product: Apollo
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-04
Original CVE updated: 2025-03-04
Advisory published: 2025-03-04
Advisory updated: 2025-03-04

Who should care

Administrators, operators, and security teams responsible for GMOD Apollo deployments, especially in environments where Apollo user management is exposed to authenticated users or integrated into operational workflows.

Technical summary

The CSAF advisory describes an access-control weakness in the user-information update path. The supplied CVSS v3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) describes a network-reachable attack of low complexity that requires low privileges and no user interaction. Scope is unchanged, and the impact is high on integrity with none on confidentiality or availability. The affected product entry is GMOD Apollo versions prior to 2.8.0, and the recommended fix is Apollo 2.8.0 or later.

Defensive priority

Priority should be moderate to high for any environment running Apollo below 2.8.0, because privilege escalation can undermine account integrity and administrative trust even without affecting availability. The issue is not listed as a known-exploited vulnerability in the supplied corpus, but it is an authorization flaw with direct integrity impact.

Recommended defensive actions

  • Upgrade GMOD Apollo to version 2.8.0 or later.
  • Inventory all Apollo instances and confirm whether any deployments are still below 2.8.0.
  • Review account and role changes for unexpected privilege grants or suspicious user-profile update activity.
  • Limit access to user-management functions to the smallest practical set of authenticated administrators.
  • If upgrading is delayed, apply compensating access controls and monitor authentication and authorization events closely.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-063-07 and the supplied CVE record data. The advisory explicitly identifies the weakness as insufficient logical or access checks during user-information updates, lists GMOD Apollo <2.8.0 as affected, and recommends updating to 2.8.0. The supplied corpus does not indicate KEV listing or known ransomware use.

Official resources

Publicly disclosed on 2025-03-04 in CISA advisory ICSA-25-063-07; no KEV date or due date is provided in the supplied corpus.