PT-2025-48412 · Orionsec · Orion-Ops

Sh7Err03 · Published 2025-12-01 · Updated 2025-12-06 · CVE-2025-13808

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: orionsec orion-ops versions up to 5925824997a3109651bbde07460958a7be249ed1

Description: A flaw exists in orionsec orion-ops. The issue is related to improper authorization caused by manipulation of the ID argument within the update function located in the UserController.java file of the User Profile Handler component. This manipulation can be carried out remotely. An exploit for this issue has been published. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions up to 5925824997a3109651bbde07460958a7be249ed1 should be updated. As a temporary workaround, consider restricting access to the update function within the UserController.java file until a patch is available.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers: CVE-2025-13808

Affected Products: Orion-Ops