9.8

CVE-2025-67165

Exploit
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PagekitPagekit Version1.0.18
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/pagekit/pagekit
Product
https://github.com/pagekit/docs/blob/develop/user-interface/users.md#roles
Product
https://github.com/pagekit/docs/blob/develop/user-interface/users.md#permissions
Product
https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67165
Third Party Advisory
Exploit