- Description: IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users' data and, in some cases, perform privileged actions. This issue may enable cross-tenant access. Fixed in version 2.10.6.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-284
- Hype score: Not currently trending
CVE-2025-67796 Improper Authorization Flaw in IKUS Rdiffweb Before 2.10.5 https://t.co/L1RXPFaRmm
@VulmonFeeds
5 May 2026
🚨*CVE* CVE-2025-67796 IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not e… https://t.co/AdnJghOAAI ----- Traducción: CVE-2025-67796 IKU… https://t.co/utmtNg
@infoflowcloud
4 May 2026
CVE-2025-67796 IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not e… https://t.co/iuOLeJNgRK
@CVEnew
4 May 2026