CVE-2025-65742
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-23

Assigner: MITRE

Description
An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.
Meta Information
Published: 2025-12-15
Last Modified: 2025-12-23
Generated: 2026-05-07
AI Q&A: 2025-12-15
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
newgensoft | omnidocs | 11.0
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for crafted API requests that exploit the Broken Function Level Authorization (BFLA) in Newgen OmniDocs v11.0. Specific commands or detection scripts are not provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps are not explicitly detailed in the provided resources. Generally, mitigating a BFLA vulnerability involves applying vendor patches, restricting API access, and implementing proper authorization checks on API endpoints. [1]


Can you explain this vulnerability to me?

This vulnerability is an unauthenticated Broken Function Level Authorization (BFLA) issue in Newgen OmniDocs v11.0. It allows attackers to send specially crafted API requests that bypass authorization controls, giving them access to sensitive information and full takeover of user accounts without needing to authenticate. [1]


How can this vulnerability impact me?

The impact of this vulnerability includes unauthorized access to sensitive information and the potential for a full account takeover. This can lead to data breaches, loss of user trust, and unauthorized actions performed under compromised accounts. [1]

