CVE-2025-21526

Name of the Vulnerable Software and Affected Versions Primavera P6 Enterprise Project Portfolio Management versions 20.12.1.0 through 20.12.21.5 Primavera P6 Enterprise Project Portfolio Management versions 21.12.1.0 through 21.12.20.0 Primavera P6 Enterprise Project Portfolio Management versions 22.12.1.0 through 22.12.16.0 Primavera P6 Enterprise Project Portfolio Management versions 23.12.1.0 through 23.12.10.0

Description The issue is related to a vulnerability in the Web Access component of Primavera P6 Enterprise Project Portfolio Management, which can be easily exploited. This vulnerability allows an attacker with low privileges and network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations For versions 20.12.1.0 through 20.12.21.5, update to a version outside of this range to resolve the issue. For versions 21.12.1.0 through 21.12.20.0, update to a version outside of this range to resolve the issue. For versions 22.12.1.0 through 22.12.16.0, update to a version outside of this range to resolve the issue. For versions 23.12.1.0 through 23.12.10.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Web Access component until a patch is available.