Security Advisory

CVE-2025-26138

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-18 00:00:00

Last updated 2025-03-25 16:51:28

Assigner mitre

State PUBLISHED

Description

Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.

← Browse all CVEs View on cve.org ↗