CVE-2025-61075

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions adata Software GmbH Mitarbeiterportal version 2.15.2.0

Description The software contains multiple incorrect access control issues. A remote, authenticated user with low privileges can perform administrative functions and modify data belonging to other users through unauthorized API calls. The affected software is adata Software GmbH Mitarbeiterportal.

Recommendations Apply updates to address the access control issues in version 2.15.2.0.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-61075

Affected Products

Mitarbeiterportal

CVE-2025-61075

Weakness Enumeration

Related Identifiers

Affected Products

References · 6