CVE-2025-51532
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-10-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sagedpw | sage_dpw | to 2025_06_000 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect access control issue in Sage DPW version 2024.12.003 that allows unauthorized attackers to access the built-in Database Monitor by sending a specially crafted request. This means attackers can reach parts of the system they should not be able to without proper authorization.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized access to sensitive database monitoring functions, potentially exposing critical data or system information. Although it does not allow modification or denial of service, the confidentiality of the database information is at high risk.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update Sage DPW to the fixed version Halbjahresversion 2024_12_004, which addresses the incorrect access control issue allowing unauthorized access to the built-in Database Monitor.