CVE-2025-46544

Medium CVSS: 6.4

In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.

Vendor

Product

CWE

Yayın Tarihi

2025-04-25 03:15:19

Güncelleme

2025-10-15 18:34:37

Source Identifier

cve@mitre.org

KEV Date Added

CWE-863 Sherpa Orchestrator MEDIUM Sherparpa 2025

https://deiteriy.com https://gist.github.com/ArtemBrylev/a258f920a6556470951c9a483fcf194a https://sherparpa.com https://twitter.com/ArtyomBrylev

Medium

CVE-2025-46545

In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an adm…

Low

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This…

Medium

CVE-2025-46547

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an a…