CVE-2025-47226

Published: May 2, 2025Modified: Jun 3, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

Affected (1)

Products: Snipeitapp: Snipe It

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Snipeitapp Snipe It	Before 8.1.0

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0

Source: cve@mitre.org

Product

https://github.com/grokability/snipe-it/pull/16672

Source: cve@mitre.org

Issue Tracking

https://github.com/grokability/snipe-it/releases/tag/v8.1.0

Source: cve@mitre.org

PatchRelease Notes

https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md

Source: cve@mitre.org

ExploitPatchThird Party Advisory

Timeline

No history available yet.