PT-2025-26361 · Unknown · Dfactory Download Attachments

Haudayroi - Bluerock · Published 2025-06-20 · Updated 2025-06-20 · CVE-2025-49995

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: dFactory Download Attachments versions n/a through 1.3.1
Description: An Authorization Bypass Through User-Controlled Key vulnerability allows exploiting incorrectly configured access control security levels. It can be exploited in the Download Attachments feature.
Recommendations: Update to a version that contains a fix for this issue; versions n/a through 1.3.1 allow exploiting incorrectly configured access control security levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR


Weakness Enumeration

Related Identifiers

CVE-2025-49995

Affected Products

Dfactory Download Attachments