PT-2025-20042 · Unknown · Smart Manager
开元米粉实力代购
·
Published
2025-05-07
·
Updated
2025-05-12
·
CVE-2025-20957
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SmartManagerCN versions prior to SMR May-2025 Release 1
Description
The issue is related to improper access control in SmartManagerCN, which allows local attackers to launch arbitrary activities with SmartManagerCN privilege. This can be exploited by attackers to gain unauthorized access and perform malicious actions.
Recommendations
For versions prior to SMR May-2025 Release 1, update to SMR May-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features and functionalities within SmartManagerCN to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Smart Manager