← Back

CVE-2025-25968

nvd nist
Published: Feb 20, 2025Modified: Sep 30, 2025

JSON object

Loading...
6.0
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Exploitability: 1.2 / Impact: 4.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Affected (1)

Ddsn
1 product
Cm3 Acora Content Management System
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cm3 Acora Content Management System
Version 10.1.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Third Party Advisory

Timeline

No history available yet.