Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile.
[
{
"id": "CVE-2025-43720-2c77f128",
"target": {
"function": "getConfigurationApplications",
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "254356613168551213908908216302195109986",
"length": 164.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-3ac234fc",
"target": {
"file": "server/src/main/java/com/hmdm/guice/module/ConfigureModule.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Line",
"digest": {
"line_hashes": [
"10620727926956154615521969716629865684",
"316575086913422014031868203328425066521",
"285826611951026806621598260775763283839",
"26948761278868631048165704637505845312",
"316187376605211944289933621070733152206",
"192200351653515910875078539866706092044",
"208501596119552176965408824756884628024",
"217232418118778894781534883555712550875"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-43720-54b8d982",
"target": {
"file": "server/src/main/java/com/hmdm/rest/resource/SyncResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Line",
"digest": {
"line_hashes": [
"107911496508891373624243098629946864655",
"173132575147094576628660049241227282446",
"80735139083351048095252136118560095556",
"130471951536372738700638900238192631201",
"104340778163395255057888808518977048117",
"258826383833874359571482893061043896912",
"132063182754218268370725425733646534021",
"228597863928835554075657619554424293691",
"321533064124970411077269070148362762939",
"324722317537376278975873376582502208462",
"319385642475178723925281059336468820870",
"259041381224234548970322341573605427238",
"232573019979057912373648786257907371925",
"287645027704248388957598876124739071737",
"105908098025281147653770360006929505569",
"269724892359233310004498699721784592876",
"198263139567128370184605365191641577386",
"306081073593229908331944415646001246160",
"198882472301965047540335085926458882744",
"337677743374098907762137136794187783882",
"83091611378546993299549640142231007844",
"310261259373391512426587193166724265191",
"112565744964837664241954720076683159705",
"148007513692260257817698374178128869767",
"45850580752085299011862712334003564562",
"283195829094197051359763307736810982220",
"170913232269536148801434210552239673743",
"70155518662792811039274635556025908062",
"64957936858571529653690825677208826284",
"310261259373391512426587193166724265191",
"112565744964837664241954720076683159705",
"148007513692260257817698374178128869767",
"220676402662838368038689287201212395655"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-43720-557bf6bd",
"target": {
"function": "configure",
"file": "server/src/main/java/com/hmdm/guice/module/ConfigureModule.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "55219294824594461736141424161684657626",
"length": 11717.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-62ee53cb",
"target": {
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Line",
"digest": {
"line_hashes": [
"73701294441859045138011563864646004890",
"159082486900774364998552346374650779720",
"87481736442659086925715320084490866887",
"38462782285156483597363638969107331026",
"11725820280104327138146925135587183897",
"208144825362243935699770124793335088936",
"256926814959671992332894772510999388931",
"273041202519384408313605633999189603509",
"63603369074298400970106227193465889935",
"4799019836347851000564878544751087214",
"230574884580855171267571155996602155464",
"295080901178434824432277495541476632187",
"265584141874701408334692573973637609147",
"310131155503676692338207452426341898107",
"3758718565186889072955159968352745047",
"320914145696097846471103816182118465840",
"124741943646775125399540111159232184527",
"253263368770310945328047701309316130841",
"281495298043161275726094103663559254966",
"210144507454655573189764466365066220598",
"14566327727593021327392052677994986496",
"41109141186782973323364614636280997328",
"39803079199138813469745876868056541338",
"339675931303423327593256200231028523113"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-43720-8dff21f1",
"target": {
"function": "getConfigurationById",
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "34884879356947192250995666631719820409",
"length": 122.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-8e4527a6",
"target": {
"function": "getDeviceSetting",
"file": "server/src/main/java/com/hmdm/rest/resource/SyncResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "62793014219098735520641910644887825709",
"length": 1291.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-94eab37e",
"target": {
"function": "getConfigurations",
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "330234790355091588840483180082622005065",
"length": 463.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-c15cae08",
"target": {
"function": "searchConfigurations",
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "325328227897447485508002907304972434046",
"length": 233.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-c3715664",
"target": {
"function": "getDeviceSettingExtended",
"file": "server/src/main/java/com/hmdm/rest/resource/SyncResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "123422502648374876368696835614861124247",
"length": 1276.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-d407f064",
"target": {
"function": "SyncResource",
"file": "server/src/main/java/com/hmdm/rest/resource/SyncResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "97299104756691519338526049660300096585",
"length": 945.0
},
"deprecated": false
},
{
"id": "CVE-2025-43720-df3afa5c",
"target": {
"function": "getAllConfigurations",
"file": "server/src/main/java/com/hmdm/rest/resource/ConfigurationResource.java"
},
"signature_version": "v1",
"source": "https://github.com/h-mdm/hmdm-server/commit/19e4a63f732c99064444df7e8c61b4f01df362e8",
"signature_type": "Function",
"digest": {
"function_hash": "279586475186204064428065979946601584860",
"length": 191.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43720.json"
"2026-04-12T16:55:23Z"