CVE-2025-25968

Published Feb 20, 2025

Last updated 19 days ago

CVSS medium 6.0

Overview

Description: DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
Source: cve@mitre.org
NVD status: Analyzed
Products: cm3_acora_content_management_system

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6
Impact score: 4.7
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

CVE-2025-25968 DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as s… https://t.co/8idOvWZU3Y
@CVEnew
20 Feb 2025
258 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2969D732-CC4D-4DB0-ADEF-71F520662B4F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References