← Volver a CVEs
CVE-2025-29556
HIGH7.3
Descripcion
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Detalles CVE
Puntuacion CVSS v3.17.3
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/31/2025
Ultima modificacion7/31/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-284
Referencias
https://github.com/0xsu3ks/CVE-2025-29556(cve@mitre.org)
https://www.exagrid.com/(cve@mitre.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.