CVE-2025-29556

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.

Configurations

No configuration.

History

31 Jul 2025, 20:15

Type | Values Removed | Values Added
CWE | | CWE-284
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.3

31 Jul 2025, 16:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-07-31 16:15

Updated : 2025-07-31 20:15


NVD link : CVE-2025-29556

Mitre link : CVE-2025-29556

CVE.ORG link : CVE-2025-29556


Products Affected

No product.

CWE
CWE-284

Improper Access Control