CVE-2025-0504
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-11-21
Assigner: Synopsys
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synopsys | black_duck_sca | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Black Duck SCA versions prior to 2025.10.0 involves overly broad user role permissions. Specifically, users assigned the scoped Project Manager role with Global User Read access can access certain Project Administrator functions that should be restricted. While exploitation does not allow full system control, it can enable unauthorized changes to project configurations or access to sensitive system information.
How can this vulnerability impact me?
The vulnerability can impact you by allowing users with limited permissions to make unauthorized changes to project configurations or gain access to sensitive system information. Although it does not grant full system control, these unauthorized actions could compromise project integrity and confidentiality.