PT-2025-49250 · Unknown · Himool Erp

Alunxzhou · Published 2025-12-05 · Updated 2025-12-05 · CVE-2025-14089

CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Himool ERP versions up to 2.2

Description
A security issue exists in Himool ERP. The issue is an improper authorization flaw that arises from manipulation of the update account function within the AdminActionViewSet component. The affected functionality is exposed at the API endpoint '/api/admin/update account/'. The issue is remotely exploitable, and the exploit is publicly available.

Recommendations
Versions prior to 2.3 should be updated. As a temporary workaround, consider restricting access to the '/api/admin/update account/' API endpoint until a patch is available.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers: CVE-2025-14089

Affected Products: Himool Erp