CVE-2025-61075

Published: Dec 9, 2025Modified: Dec 12, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls.

Affected (1)

Products: Adata: Mitarbeiter Portal

Adata

1 product

Mitarbeiter Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adata Mitarbeiter Portal	Before 2.16.1

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://no-sec.net/posts/cve-2025-61075/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.adata.de/mitarbeiter-portal/

Source: cve@mitre.org

Product

Timeline

No history available yet.