CVE-2025-26853

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.descor.com/prodotti/infocad	Product
https://www.infocadfm.com/changelog/broken-authorization-schema/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:descor:infocad:*:*:*:*:*:*:*:*

History

01 Apr 2025, 20:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:descor:infocad::::::::
First Time		Descor Descor infocad
References	~~() https://www.descor.com/prodotti/infocad -~~	() https://www.descor.com/prodotti/infocad - Product
References	~~() https://www.infocadfm.com/changelog/broken-authorization-schema/ -~~	() https://www.infocadfm.com/changelog/broken-authorization-schema/ - Vendor Advisory

28 Mar 2025, 00:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 10.0
Summary		(es) DESCOR INFOCAD 3.5.1 y anteriores y corregido en v.3.5.2.0 tienen un esquema de autorización dañado.
CWE		CWE-863

20 Mar 2025, 21:15

Type	Values Removed	Values Added
CWE		CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

20 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 20:15

Updated : 2025-04-23 19:13

NVD link : CVE-2025-26853

Mitre link : CVE-2025-26853

CVE.ORG link : CVE-2025-26853

JSON object : View

Products Affected

descor

infocad

CWE

CWE-863

Incorrect Authorization

CWE-862

Missing Authorization

10.0 /10