CVE-2025-51533

Published: Aug 7, 2025Modified: Oct 1, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: MITRE (Secondary)

Description

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.

Affected (1)

Products: Sagedpw: Sage Dpw

Sagedpw

1 product

Sage Dpw

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sagedpw Sage Dpw	Before 2025_06_000

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.sec4you-pentest.com/schwachstellen

Source: cve@mitre.org

Third Party Advisory

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.