- Description
- This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body to gain unauthorized access to other user accounts. Successful exploitation of this vulnerability could allow remote attacker to perform authorized manipulation of data associated with other user accounts.
- Source
- vdisclose@cert-in.org.in
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- vdisclose@cert-in.org.in
- CWE-639
- Hype score
- Not currently trending
๐จ CVE-2025-42605 โ ๏ธ๐ด CRITICAL (9.3) ๐ข Meon - Bidding Solutions ๐๏ธ 1.2 ๐ https://t.co/44H5i0Sgr5 #CyberCron #VulnAlert #InfoSec https://t.co/tMQUyGtMkB
@cybercronai
23 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-42605 Authenticated API Authorization Bypass in Meon Bidding Solutions Platform https://t.co/oFkhAVXqYW
@VulmonFeeds
23 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-42605 | Meon Bidding Solutions 1.2 API Endpoint authorization (CIVN-2025-0082)) has been published on https://t.co/fPYItB8T2q
@WolfgangSesin
23 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-42605: CRITICAL] Vulnerability in Meon Bidding Solutions allows remote attackers to gain unauthorized access to user accounts by manipulating API request parameters. Exploitation could lead to data...#cve,CVE-2025-42605,#cybersecurity https://t.co/WkKR8J9AmH https://t.c
@CveFindCom
23 Apr 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes