- Description
- An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication if the URL is known. The attack requires the attacker to know the document's UUIDv4.
- Source
- a341c0d1-ebf7-493f-a84e-38cf86618674
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- a341c0d1-ebf7-493f-a84e-38cf86618674
- CWE-284
- Hype score
- Not currently trending
FuCk, I'm changing my FW after this CVE-2025-2306 (CVSS: 9): Mongoose Flaw Leaves Millions of Downloads Exposed to Search Injection. This flaw stems from improper handling of nested $where filters with populate() match.
@byt3n33dl3
20 Jan 2025
CVE-2025-2306 (CVSS 9.0): Mongoose Flaw Leaves Millions of Downloads Exposed to Search Injection. Discover the details of CVE-2025-23061. Understand the potential risks it poses to #MongoDB database interactions and how to protect your application. https://t.co/Rsw8xQu5sD
@the_yellow_fall
20 Jan 2025