216.73.217.139

CVE-2025-29556

· Published 31/07/2025 16:15 · Modified 31/07/2025 20:15

Labels: CVE-2025-29556 2025-07-31CVE-2025-29556CWE-284[email protected]

Essential information

Published
31/07/2025 16:15
Modified
31/07/2025 20:15
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
exagrid / exa grid ex10 cpe:2.3:a:exagrid:exa_grid_ex10:6.3:*:*:*:*:*:*:*
exagrid / exa grid ex10 cpe:2.3:a:exagrid:exa_grid_ex10:7.0.1.P08:*:*:*:*:*:*:*

References