CVE-2025-25968

Medium CVSS: 6.0

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Vendor

Ddsn

Product

Cm3 Acora Content Management System

CWE

CWE-284

Yayın Tarihi

2025-02-20 18:15:26

Güncelleme

2025-09-30 20:05:42

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Cm3 Acora Content Management System MEDIUM Ddsn 2025

Referanslar

http://ddsn.com https://github.com/padayali-JD/CVE-2025-25968

Benzer Kayıtlar

Critical

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to a…

High

CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authen…

High

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused…