← Voltar para CVEs
CVE-2025-29556
HIGH7.3
Descricao
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Detalhes CVE
Pontuacao CVSS v3.17.3
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/31/2025
Ultima modificacao7/31/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-284
Referencias
https://github.com/0xsu3ks/CVE-2025-29556(cve@mitre.org)
https://www.exagrid.com/(cve@mitre.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.