Vulnerability Details CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.6%
CVSS Severity
CVSS v3 Score 5.3
References
- https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/
- https://www.sec4you-pentest.com/schwachstellen
- https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/
Products affected by CVE-2025-51533
-
cpe:2.3:a:sagedpw:sage_dpw:2020_06_000
-
cpe:2.3:a:sagedpw:sage_dpw:2020_06_001
-
cpe:2.3:a:sagedpw:sage_dpw:2020_06_002
-
cpe:2.3:a:sagedpw:sage_dpw:2024_12_000
-
cpe:2.3:a:sagedpw:sage_dpw:2024_12_001