PT-2025-48071 · Unknown · Primakon Pi Portal

Published: 2025-11-25 · Updated: 2025-12-01 · CVE-2025-64063

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Primakon Pi Portal version 1.0.18

Description

The application does not adequately enforce authorization checks for API requests. A standard user can bypass user interface restrictions by directly accessing administrative API endpoints via HTTP requests. This allows unauthorized actions such as modifying or deleting user accounts, changing passwords via the user management API endpoint, accessing sensitive organizational documents through the document retrieval API endpoint, and manipulating core system functions. This can lead to data integrity and confidentiality compromise, and privilege escalation.

Recommendations

Apply stricter authorization checks to all API endpoints to prevent unauthorized access and manipulation of data.
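The recommendation above amounts to a server-side, deny-by-default authorization check on every API route, sketched here as an added example that is not code from Primakon or from this advisory. The route paths, role names and session fields are assumptions made for illustration; the advisory does not publish the real endpoint names.

```python
import re

# Hypothetical role ranking and route policy; names and paths are assumptions,
# not Primakon Pi Portal's real API.
ROLE_RANK = {"user": 1, "admin": 2}
POLICY = [
    # (method, path regex, minimum role, owner may act on own record)
    ("GET",    r"/api/users/(?P<id>\d+)",          "admin", True),
    ("PUT",    r"/api/users/(?P<id>\d+)/password", "admin", True),
    ("PUT",    r"/api/users/(?P<id>\d+)",          "admin", False),
    ("DELETE", r"/api/users/(?P<id>\d+)",          "admin", False),
    ("GET",    r"/api/documents/(?P<id>\d+)",      "admin", False),
]

def authorize(session, method, path):
    """Return an HTTP status: 401 unauthenticated, 403 denied, 200 allowed.

    Runs server-side on every request, independent of what the UI shows.
    The role is read from the server-held session, never from request data.
    """
    if not session or "user_id" not in session:
        return 401
    role_rank = ROLE_RANK.get(session.get("role"), 0)  # unknown role: no rights
    for rule_method, pattern, min_role, owner_ok in POLICY:
        match = re.fullmatch(pattern, path)
        if rule_method != method or not match:
            continue
        if role_rank >= ROLE_RANK[min_role]:
            return 200
        if owner_ok and match.group("id") == str(session["user_id"]):
            return 200
        return 403
    return 403  # endpoint with no policy entry: fail closed

def unprotected_routes(registered):
    """List registered (method, path) pairs that no policy rule covers."""
    return [(m, p) for m, p in registered
            if not any(m == rm and re.fullmatch(rx, p) for rm, rx, _, _ in POLICY)]
```

Running `unprotected_routes` over the application's route table in CI surfaces endpoints that were added without an authorization rule.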

Exploit

Fix

LPE

Improper Authorization


Weakness Enumeration

Related Identifiers

CVE-2025-64063

Affected Products

Primakon Pi Portal