CVE-2025-63248

Published: Nov 5, 2025Modified: Jan 8, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.

Affected (1)

Products: Diaowen: Dwsurvey

Diaowen

1 product

Dwsurvey

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Diaowen Dwsurvey	Version 6.14.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://gitee.com/wkeyuan/DWSurvey

Source: cve@mitre.org

Product

https://github.com/Chen1-Boop/CVE/blob/main/CVE-2025-63248.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.