CVE-2025-64061
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-01
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| primakon | project_contract_management | 1.0.18 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Primakon Pi Portal 1.0.18 at the /api/v2/users endpoint, where insufficient access control allows any authenticated user, regardless of privilege level, to retrieve a complete list of all registered users. The exposed data includes password hashes, which should be protected.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized exposure of sensitive user information, including password hashes. This could enable attackers or low-privileged users to attempt password cracking or other malicious activities, potentially compromising user accounts and the overall security of the application.