CVE-2025-25968

Published: Feb 20, 2025

Modified: Feb 20, 2025

PUBLISHED

Description

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://ddsn.com

https://github.com/padayali-JD/CVE-2025-25968

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-25968

Description

Affected Products

References