Unrated severity · NVD Advisory · Published Feb 20, 2025 · Updated Feb 20, 2025
CVE-2025-25968
Description
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
Affected products
- DDSN Interactive cm3/Acora CMS (description)
  - Range: = 10.1.1
References
- ddsn.com (mitre)