PT-2025-20645 · Bluewave · Bluewave Checkmate
Published 2025-05-10 · Updated 2025-05-15 · CVE-2025-47817
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BlueWave Checkmate versions 2.0.2 and earlier, before b387eba
Description
The issue allows a profile edit request to include a role parameter. This is related to the external control of assumed-immutable web parameters.
Recommendations
For BlueWave Checkmate versions 2.0.2 and earlier, before b387eba, consider disabling the profile edit functionality until a patch is available. Restrict access to the role parameter in profile edit requests to minimize the risk of exploitation.
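One way to restrict the role parameter on the server side, shown as an added example that is not BlueWave Checkmate's code or its fix: the handler copies only allowlisted fields from the request body and fails closed when a privileged field is present. The field names, the `store` object and both function names are assumptions made for illustration.

```javascript
'use strict';

// Fields a user may change on their own profile (assumed names, not Checkmate's schema).
const SELF_EDITABLE = new Set(['firstName', 'lastName', 'avatar']);
// Fields that must never be accepted from a profile edit request body (assumed names).
const PRIVILEGED = new Set(['role', 'roles', 'isAdmin']);

// Returns { ok, update, rejected }: `update` holds only allowlisted string fields,
// `rejected` lists every refused key so the caller can log it.
function filterProfileEdit(body) {
  const update = {};
  const rejected = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, update, rejected: ['<non-object body>'] };
  }
  for (const key of Object.keys(body)) {
    if (SELF_EDITABLE.has(key) && typeof body[key] === 'string') {
      update[key] = body[key];
    } else {
      rejected.push(key);
    }
  }
  // Fail closed on a privileged field instead of silently dropping it,
  // so the attempt is visible to the client and to logging.
  const ok = !rejected.some((k) => PRIVILEGED.has(k));
  return { ok, update, rejected };
}

// Hypothetical handler core: `store` is any object with a save(userId, fields) method.
// The role is never read from the body; only the filtered update reaches storage.
function handleProfileEdit(store, userId, body) {
  const { ok, update, rejected } = filterProfileEdit(body);
  if (!ok) {
    return { status: 403, error: 'privileged field in profile edit', rejected };
  }
  store.save(userId, update);
  return { status: 200, updated: Object.keys(update), rejected };
}
```

Role changes then belong on a separate endpoint that checks the caller's own privileges before writing.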
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Bluewave Checkmate