CVE-2025-8049

EPSS 0.05%
Veröffentlicht 20.10.2025 19:56:20
Zuletzt bearbeitet 28.10.2025 16:11:07
Quelle security@opentext.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient Access Control vulnerability has been discovered in OpenText Flipper.

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.

This issue affects Flipper: 3.1.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opentext ≫ Flipper Version3.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@opentext.com	2.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green

CWE-1220 Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-8049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-8049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-8049

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-8049