← back
CVE-2025-8025

Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP

CVSS 9.8 CRITICALEPSS 0.5%CWE-284CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →