CVE-2025-2306
Improper Access Control vulnerability in LIVE CONTRACT
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.9EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
16 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An Improper Access Control vulnerability was
identified in the file download functionality. This vulnerability allows users
to download sensitive documents without authentication, if the URL is known.
The attack
requires the attacker to know the documents UUIDv4.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
SYNCPILOT · LIVE CONTRACTReferências
https://www.cirosec.de/sa/sa-2025-004