Medium severity6.5NVD Advisory· Published Mar 18, 2025· Updated Jun 17, 2026
CVE-2025-26138
CVE-2025-26138
Description
Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/Arakiba/CVEs/tree/main/CVE-2025-26138nvdThird Party Advisory
News mentions
0No linked articles in our index yet.