PT-2025-3738 · Unknown · Abacus Erp

Borel Enzo

Published

2025-01-01

Updated

2025-10-23

CVE-2025-0001

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Abacus ERP versions prior to 2024.210.16036 Abacus ERP versions prior to 2023.205.15833 Abacus ERP versions prior to 2022.105.15542

Description The issue is an authenticated arbitrary file read vulnerability. This means that an attacker who has valid credentials can potentially read files on the system that they should not have access to.

Recommendations For versions prior to 2024.210.16036, update to version 2024.210.16036 or later. For versions prior to 2023.205.15833, update to version 2023.205.15833 or later. For versions prior to 2022.105.15542, update to version 2022.105.15542 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-36

Related Identifiers

CVE-2025-0001

Affected Products

Abacus Erp

PT-2025-3738 · Unknown · Abacus Erp

CVE-2025-0001

Weakness Enumeration

Related Identifiers

Affected Products

References · 16