CVE-2025-56015: GenieACS has an unauthenticated access vulnerability via the NBI API endpoint

April 7, 2026 (updated April 10, 2026)

In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.

References

github.com/advisories/GHSA-2h6j-mhcp-9j9h
github.com/e1st/CVE-2025-56015
github.com/genieacs/genieacs
nvd.nist.gov/vuln/detail/CVE-2025-56015

Code Behaviors & Features

Detect and mitigate CVE-2025-56015 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →