← back
CVE-2025-61830

Adobe Pass | Incorrect Authorization (CWE-863)

CVSS 7.1 HIGHEPSS 0.2%CWE-863
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected products
Adobe · Adobe Pass