CVE-2025-29556
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-07-31
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| exagrid | ex10 | 6.3 |
| exagrid | ex10 | 7.0.1.p08 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ExaGrid EX10 versions 6.3 to 7.0.1.P08 and involves Incorrect Access Control. Although the system is designed to prevent users with the Admin role from creating or modifying users with the Security Officer role without approval, an attacker with Admin access can bypass these restrictions. They do this by intercepting and manipulating the API request during user creation, changing parameters to assign the new user to the Security Officers group without the necessary approval.
How can this vulnerability impact me?
This vulnerability can allow an attacker with Admin privileges to escalate privileges improperly by creating or modifying accounts to have Security Officer roles without approval. This could lead to unauthorized access to sensitive functions or data that are restricted to Security Officers, potentially compromising system security and integrity.