CVE-2025-67796 in Rdiffwebinformação

Sumário

de MITRE • 04/05/2026

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users data and, in some cases, perform privileged actions. This issue may enable cross-tenant access. Fixed in version 2.10.6.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

MITRE

Reservar

12/12/2025

Divulgação

04/05/2026

Moderação

aceite

Entrada

VDB-361038

CPE

pronto

CWE

CWE-285 (confirmado)

CVSS

6.3 (VulDB)

EPSS

0.00030

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-67796
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-67796
CVE Details	https://www.cvedetails.com/cve/CVE-2025-67796/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!