CVE-2025-54761
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-25
Assigner: MITRE
Description
Description
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yandaozi | ppress | 0.0.9 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in PPress 0.0.9 allows attackers to gain escalated privileges by using a specially crafted session cookie.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain higher-level access than intended, potentially allowing unauthorized actions or access to sensitive information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70