How severe is CVE-2025-48695?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2025-48695?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-48695

MEDIUM Year: 2025

CVSS v3 Score

6.4

Medium

Weakness Type

CWE-266

View all →

Vulnerability Description

An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved).

CVE-2020-26182

MEDIUM

CVSS:6.5(Medium)

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' re...

CWE-2662020

CVE-2021-1412

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to imp...

CWE-2662021

CVE-2021-40123

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files t...

CWE-2662021

CVE-2022-1225

MEDIUM

CVSS:6.5(Medium)

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.

CWE-2662022

CVE-2022-20782

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Thi...

CWE-2662022