CVE-2025-43947

{"id": "CVE-2025-43947", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2025-04-22T18:16:01.170", "references": [{"url": "https://de.linkedin.com/company/codemers", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43947", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc."}, {"lang": "es", "value": "Codemers KLIMS 1.6.DEV carece de un mecanismo de control de acceso adecuado, lo que permite que un usuario normal de KLIMS realice todas las acciones que un administrador puede realizar, como modificar la configuraci\u00f3n, crear un usuario, cargar archivos, etc."}], "lastModified": "2025-06-23T17:59:17.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codemers:klims:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3B292FC-1B49-41E8-AD4A-52E793229C4E", "versionEndIncluding": "1.6_dev"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}