CVE-2025-27893

LOW Year: 2025
CVSS v3 Score
1.8
Low
Weakness Type
CWE-472
View all →

Vulnerability Description

In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

Related Vulnerabilities

CVE-2025-32816

LOW
CVSS:3.1(Low)

CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.

CWE-4722025

CVE-2021-1289

CRITICAL
CVSS:9.8(Critical)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

CWE-4722021

CVE-2021-1290

CRITICAL
CVSS:9.8(Critical)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

CWE-4722021

CVE-2021-1291

CRITICAL
CVSS:9.8(Critical)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

CWE-4722021

CVE-2021-1292

CRITICAL
CVSS:9.8(Critical)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

CWE-4722021

CVE-2021-1293

CRITICAL
CVSS:9.8(Critical)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

CWE-4722021