Multiple vulnerabilities in Proget software

ID: b89fb09a-92f7-51ee-99fb-a0ce3549d0ed

STIX ID: report--b89fb09a-92f7-51ee-99fb-a0ce3549d0ed

Feed Name: CERT Polska

Threat Score: 70/100

Date Published: 2025-05-21

Date Updated: 2026-04-19

Author: CERT Polska

CERT Polska disclosed seven vulnerabilities in Proget (Konsola Proget) affecting all versions before 2.17.5. They include incorrect authorization flaws that allow low-privileged users to enumerate tasks and device UUIDs and retrieve device passwords (CVE-2025-1415, CVE-2025-1416, CVE-2025-1417), stored cross-site scripting issues (CVE-2025-1419, CVE-2025-1420), and a CSV formula injection (CVE-2025-1421) that could lead to code execution on a user's PC. All issues were reported to and coordinated with CERT Polska and fixed in version 2.17.5.
