CVE-2025-27893

Name of the Vulnerable Software and Affected Versions Archer Platform versions 6 through 6.14.00202.10024

Description The issue allows an authenticated user with record creation privileges to manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a "GenericContent/Record.aspx?id=" URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

Recommendations For Archer Platform versions 6 through 6.14.00202.10024, consider restricting access to the GenericContent/Record.aspx?id= URI to prevent unauthorized modification of system-generated metadata. As a temporary workaround, limit the privileges of authenticated users to prevent them from manipulating immutable fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.