CVE-2025-64400

Published: Dic 18, 2025 Last Modified: Dic 19, 2025

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: changed

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 87 Days)

284

Improper Access Control

Incomplete

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

View CWE Details

https://palantir.safebase.us/?tcuUid=52a9fd2f-1868-48cb-af0…

https://palantir.safebase.us/?tcuUid=52a9fd2f-1868-48cb-af01-93c589160e19

CVE-2025-64400

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 87 Days)

Improper Access Control

Common Consequences

Applicable Platforms

Iscriviti alla newsletter