PT-2025-41885 · Unknown · Sipass Integrated
Published
2025-10-14
·
Updated
2025-10-14
·
CVE-2025-40773
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SiPass integrated versions prior to 3.0
Description
A broken access control issue exists in SiPass integrated server applications. The authorization mechanism does not have enough server-side checks, which allows an attacker to execute a specific API request. Successful exploitation could allow an attacker to manipulate data belonging to other users.
Recommendations
Update SiPass integrated to version 3.0 or later.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sipass Integrated