CVE-2025-25968

MEDIUM Year: 2025
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Related Vulnerabilities

CVE-2020-3503

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vuln...

CWE-2842020

CVE-2021-34724

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root use...

CWE-2842021

CVE-2023-31346

MEDIUM
CVSS:6.0(Medium)

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

CWE-2842023

CVE-2024-28016

MEDIUM
CVSS:6.0(Medium)

Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, ...

CWE-2842024

CVE-2024-30211

MEDIUM
CVSS:6.0(Medium)

Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2842024

CVE-2024-40825

MEDIUM
CVSS:6.0(Medium)

The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.

CWE-2842024