CVE-2025-4636

Published: May 30, 2025Modified: May 30, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: cve_disclosure@tech.gov.sg (Secondary)

Description

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://jct-aq.com/products/airpointer2d/

Source: cve_disclosure@tech.gov.sg

Timeline

No history available yet.