PT-2025-37400 · Crmeb · Crmeb

Yu Bao · Published 2025-09-14 · Updated 2025-09-14 · CVE-2025-10390

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.2
Description: A weakness exists in CRMEB due to improper authorization. The issue is located in the editAddress function of the app/services/user/UserAddressServices.php file. Manipulation of the ID argument can lead to exploitation. The exploit is publicly available. The vendor was notified but did not respond.
Recommendations: Update CRMEB to version 5.6.2 or later. As a temporary workaround, restrict access to the editAddress function in app/services/user/UserAddressServices.php until a patch is available. Avoid using the ID parameter in the affected function until the issue is resolved.

Exploit · Fix · Improper Authorization · Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers: CVE-2025-10390

Affected Products: Crmeb