CVE-2025-2306 (GCVE-0-2025-2306)

Vulnerability from cvelistv5 – Published: 2025-05-16 12:10 – Updated: 2025-05-16 13:02
VLAI?
Summary
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the documents UUIDv4.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
SYNCPILOT LIVE CONTRACT Affected: 3 , < 5.4.12 (semver)
Affected: 5.5 , < 5.5.4 (semver)
Affected: 5.6 , < 5.6.3 (semver)
Create a notification for this product.
Credits
Felix Schmid <felix.schmid@cirosec.de>
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:02:34.088925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:02:39.876Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LIVE CONTRACT",
          "vendor": "SYNCPILOT",
          "versions": [
            {
              "lessThan": "5.4.12",
              "status": "affected",
              "version": "3",
              "versionType": "semver"
            },
            {
              "lessThan": "5.5.4",
              "status": "affected",
              "version": "5.5",
              "versionType": "semver"
            },
            {
              "lessThan": "5.6.3",
              "status": "affected",
              "version": "5.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Felix Schmid \u003cfelix.schmid@cirosec.de\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn Improper Access Control vulnerability was\nidentified in the file download functionality. This vulnerability allows users\nto download sensitive documents without authentication, if the URL is known.\u003c/p\u003e\n\n\u003cp\u003eThe attack\nrequires the attacker to know the documents UUIDv4.\u003c/p\u003e"
            }
          ],
          "value": "An Improper Access Control vulnerability was\nidentified in the file download functionality. This vulnerability allows users\nto download sensitive documents without authentication, if the URL is known.\n\n\n\nThe attack\nrequires the attacker to know the documents UUIDv4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-16T12:10:13.895Z",
        "orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
        "shortName": "cirosec"
      },
      "references": [
        {
          "url": "https://www.cirosec.de/sa/sa-2025-004"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to versions\u0026nbsp;5.4.12, 5.5.4, 5.6.3 or higher."
            }
          ],
          "value": "Update to versions\u00a05.4.12, 5.5.4, 5.6.3 or higher."
        }
      ],
      "source": {
        "advisory": "SA-2025-004",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-04T23:00:00.000Z",
          "value": "Vendor was contacted and informed about the vulnerability via email."
        },
        {
          "lang": "en",
          "time": "2025-03-04T23:00:00.000Z",
          "value": "Initial response received from vendor. Vendor acknowledged the vulnerability."
        },
        {
          "lang": "en",
          "time": "2025-03-12T23:00:00.000Z",
          "value": "Vendor informed us that the issue was resolved."
        }
      ],
      "title": "Improper Access Control vulnerability in LIVE CONTRACT",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
    "assignerShortName": "cirosec",
    "cveId": "CVE-2025-2306",
    "datePublished": "2025-05-16T12:10:13.895Z",
    "dateReserved": "2025-03-14T12:24:19.522Z",
    "dateUpdated": "2025-05-16T13:02:39.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2306\",\"sourceIdentifier\":\"a341c0d1-ebf7-493f-a84e-38cf86618674\",\"published\":\"2025-05-16T13:15:52.307\",\"lastModified\":\"2025-05-16T14:42:18.700\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Access Control vulnerability was\\nidentified in the file download functionality. This vulnerability allows users\\nto download sensitive documents without authentication, if the URL is known.\\n\\n\\n\\nThe attack\\nrequires the attacker to know the documents UUIDv4.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 una vulnerabilidad de control de acceso inadecuado en la funcionalidad de descarga de archivos. Esta vulnerabilidad permite a los usuarios descargar documentos confidenciales sin autenticaci\u00f3n si se conoce la URL. El ataque requiere que el atacante conozca el UUIDv4 de los documentos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"a341c0d1-ebf7-493f-a84e-38cf86618674\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"a341c0d1-ebf7-493f-a84e-38cf86618674\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://www.cirosec.de/sa/sa-2025-004\",\"source\":\"a341c0d1-ebf7-493f-a84e-38cf86618674\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2306\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T13:02:34.088925Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T13:02:37.262Z\"}}], \"cna\": {\"title\": \"Improper Access Control vulnerability in LIVE CONTRACT\", \"source\": {\"advisory\": \"SA-2025-004\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Felix Schmid \u003cfelix.schmid@cirosec.de\u003e\"}], \"impacts\": [{\"capecId\": \"CAPEC-1\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SYNCPILOT\", \"product\": \"LIVE CONTRACT\", \"versions\": [{\"status\": \"affected\", \"version\": \"3\", \"lessThan\": \"5.4.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.5\", \"lessThan\": \"5.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.6\", \"lessThan\": \"5.6.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-04T23:00:00.000Z\", \"value\": \"Vendor was contacted and informed about the vulnerability via email.\"}, {\"lang\": \"en\", \"time\": \"2025-03-04T23:00:00.000Z\", \"value\": \"Initial response received from vendor. Vendor acknowledged the vulnerability.\"}, {\"lang\": \"en\", \"time\": \"2025-03-12T23:00:00.000Z\", \"value\": \"Vendor informed us that the issue was resolved.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to versions\\u00a05.4.12, 5.5.4, 5.6.3 or higher.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to versions\u0026nbsp;5.4.12, 5.5.4, 5.6.3 or higher.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cirosec.de/sa/sa-2025-004\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Access Control vulnerability was\\nidentified in the file download functionality. This vulnerability allows users\\nto download sensitive documents without authentication, if the URL is known.\\n\\n\\n\\nThe attack\\nrequires the attacker to know the documents UUIDv4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn Improper Access Control vulnerability was\\nidentified in the file download functionality. This vulnerability allows users\\nto download sensitive documents without authentication, if the URL is known.\u003c/p\u003e\\n\\n\u003cp\u003eThe attack\\nrequires the attacker to know the documents UUIDv4.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a341c0d1-ebf7-493f-a84e-38cf86618674\", \"shortName\": \"cirosec\", \"dateUpdated\": \"2025-05-16T12:10:13.895Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2306\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T13:02:39.876Z\", \"dateReserved\": \"2025-03-14T12:24:19.522Z\", \"assignerOrgId\": \"a341c0d1-ebf7-493f-a84e-38cf86618674\", \"datePublished\": \"2025-05-16T12:10:13.895Z\", \"assignerShortName\": \"cirosec\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.