CVE-2025-26138
MEDIUM 6.5
Description
Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 3/18/2025
Last modified: 4/1/2025
Source: nvd
Honeypot sightings: 0
Affected products
systemic-rm:risk_value
Weaknesses (CWE)
CWE-284
References
https://github.com/Arakiba/CVEs/tree/main/CVE-2025-26138 (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.