PT-2025-11091 · Unknown · Tnexus Airport View

Published

2025-03-12

Updated

2025-03-12

CVE-2025-25711

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: tNexus Airport View version 2.8

Description: The issue allows a remote attacker to escalate privileges via the ProfileID value to the "/tnexus/rest/admin/updateUser" API endpoint.

Recommendations: For tNexus Airport View version 2.8, consider restricting access to the "/tnexus/rest/admin/updateUser" API endpoint until a patch is available. As a temporary workaround, avoid using the ProfileID value in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

LPE

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2025-25711

Affected Products

Tnexus Airport View

PT-2025-11091 · Unknown · Tnexus Airport View

CVE-2025-25711

Weakness Enumeration

Related Identifiers

Affected Products

References · 7