PT-2025-46340 · Unknown · Verve Asset Manager
Published: 2025-11-11 · Updated: 2025-11-12
CVE-2025-11862
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Verve Asset Manager (affected versions not specified)
Description
A security issue exists in Verve Asset Manager that allows unauthorized read-only users to perform actions beyond their intended permissions. Specifically, these users can read, update, and delete user data through the API. The API endpoint allows these unauthorized actions on user data, which makes unauthorized modification and manipulation of user accounts possible.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Incorrect Authorization
Related Identifiers
Affected Products
Verve Asset Manager