CVE-2025-26138

Medium CVSS: 6.5

Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.

Vendor

Systemic-rm

Product

Risk Value

CWE

CWE-284

Yayın Tarihi

2025-03-18 17:15:46

Güncelleme

2025-04-01 20:37:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Risk Value MEDIUM Systemic-rm 2025

Referanslar

https://github.com/Arakiba/CVEs/tree/main/CVE-2025-26138