PT-2025-9187 · Eastnets · Eastnets Paymentsafe
Kushkira
+1
·
Published
2025-03-01
·
Updated
2025-04-09
·
CVE-2025-1806
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Eastnets PaymentSafe version 2.5.26.0
Description
A problem has been found in Eastnets PaymentSafe, affecting some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Recommendations
As a temporary workaround, consider restricting access to the /Default.aspx file of the URL Handler component until a patch is available.
Avoid using the vulnerable functionality of the URL Handler component until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authorization
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Eastnets Paymentsafe