CVE-2025-29033

Published: Apr 1, 2025Modified: Apr 4, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter.

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect

Source: cve@mitre.org

Timeline

No history available yet.