CVE-2025-27893

In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

CVSS v3 1.8 LOW

1.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.4 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://archerirm.com
https://github.com/NastyCrow/CVE-2025-27893
https://github.com/NastyCrow/CVE-2025-27893

Configurations

No configuration.

History

11 Mar 2025, 14:15

Type	Values Removed	Values Added
Summary		(es) En Archer Platform 6 a 6.14.00202.10024, un usuario autenticado con privilegios de creación de registros puede manipular campos inmutables, como la fecha de creación, interceptando y modificando una solicitud de copia a través de un URI GenericContent/Record.aspx?id=. Esto permite la modificación no autorizada de metadatos generados por el sistema, lo que compromete la integridad de los datos y potencialmente afecta los controles de auditoría, cumplimiento y seguridad.
References	~~() https://github.com/NastyCrow/CVE-2025-27893 -~~	() https://github.com/NastyCrow/CVE-2025-27893 -

11 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 09:15

Updated : 2025-03-11 14:15

NVD link : CVE-2025-27893

Mitre link : CVE-2025-27893

CVE.ORG link : CVE-2025-27893

JSON object : View

Products Affected

No product.

CWE

CWE-472

External Control of Assumed-Immutable Web Parameter

1.8 /10