CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
https://github.com/grokability/snipe-it/pull/16672
https://github.com/grokability/snipe-it/releases/tag/v8.1.0
https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md

Configurations

No configuration.

History

05 May 2025, 20:54

Type	Values Removed	Values Added
Summary		(es) Grokability Snipe-IT anterior a 8.1.0 tiene una autorización incorrecta para acceder a la información de los activos.

03 May 2025, 20:15

Type	Values Removed	Values Added
References		() https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md -

02 May 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-02 21:15

Updated : 2025-05-05 20:54

NVD link : CVE-2025-47226

Mitre link : CVE-2025-47226

CVE.ORG link : CVE-2025-47226

JSON object : View

Products Affected

No product.

CWE

CWE-425

Direct Request ('Forced Browsing')

5.0 /10