← voltar
CVE-2025-0637

Inadequate access control in Beta10

CVSS 9.8 CRITICALEPSS 0.4%CWE-287
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Beta10 · Beta10