8.8

CVE-2025-64062

EPSS 0.06%
Veröffentlicht 25.11.2025 18:15:53
Zuletzt bearbeitet 01.12.2025 13:25:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., otheruser@user.com), an attacker can assume the session and gain full access to the target user's data and privileges. Also, if the email parameter is left blank, the application defaults to the first user in the list, who is typically the application administrator, resulting in an immediate Privilege Escalation to the highest level.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Primakon ≫ Project Contract Management Version1.0.18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.primakon.com/rjesenja/primakon-pcm/

Product

https://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64062.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-64062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64062

EUVD