CVE-2025-51533

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ Exploit Third Party Advisory
https://www.sec4you-pentest.com/schwachstellen Third Party Advisory
https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sagedpw:sage_dpw:*:*:*:*:*:*:*:*
History

01 Oct 2025, 20:36

Type Values Removed Values Added
References () https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ - () https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ - Exploit, Third Party Advisory
References () https://www.sec4you-pentest.com/schwachstellen - () https://www.sec4you-pentest.com/schwachstellen - Third Party Advisory
Summary
  • (es) Una referencia de objeto directo insegura (IDOR) en Sage DPW v2024_12_004 y anteriores permite a atacantes no autorizados acceder a formularios internos mediante el envío de una solicitud GET manipulada.
CPE cpe:2.3:a:sagedpw:sage_dpw:*:*:*:*:*:*:*:*
First Time Sagedpw
Sagedpw sage Dpw

07 Aug 2025, 20:15

Type Values Removed Values Added
Summary (en) An Insecure Direct Object Reference (IDOR) in Sage DPW v2024.12.003 allows unauthorized attackers to access internal forms via sending a crafted GET request. This is fixed in Halbjahresversion 2024_12_004. (en) An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
References () https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ - () https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ -
CWE CWE-639

07 Aug 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-07 19:15

Updated : 2025-10-01 20:36

NVD link : CVE-2025-51533

Mitre link : CVE-2025-51533

CVE.ORG link : CVE-2025-51533

JSON object : View

Products Affected

sagedpw

  • sage_dpw
CWE
CWE-639

Authorization Bypass Through User-Controlled Key