← Back

CVE-2025-62293

nvd nist
Published: Nov 20, 2025Modified: Nov 24, 2025

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: cvd@cert.pl (Secondary)

Description

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55.

Affected (1)

Soplanning
1 product
Soplanning
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Soplanning
Before 1.55.00

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

Source: cvd@cert.pl
Third Party Advisory
Source: cvd@cert.pl
Product

Timeline

No history available yet.