CVE-2025-64067
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| primakon | project_contract_management | 1.0.18 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Primakon Pi Portal 1.0.18 API endpoints that retrieve object-specific or filtered data. The endpoints do not properly validate on the server side whether the requesting user is authorized to access the requested data. Attackers can exploit this by manipulating ID parameters to access data belonging to other users (IDOR) or by omitting filter parameters to retrieve entire unfiltered datasets, leading to unauthorized exposure of sensitive personal and organizational information.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive personal and organizational data. An attacker could view or steal information belonging to other users or the organization by manipulating request parameters, potentially resulting in data breaches, loss of privacy, and damage to the organization's reputation.