← volver
CVE-2025-0637

Inadequate access control in Beta10

CVSS 9.8 CRITICALEPSS 0.4%CWE-287
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Beta10 · Beta10