How severe is CVE-2025-2114?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-2114?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2025-2114 - MEDIUM Severity | CVSS 3.7

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of the argument OperId leads to improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2023-3072

LOW

CVSS:3.8(Low)

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

CWE-2662023

CVE-2023-29066

LOW

CVSS:3.5(Low)

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data ...

CWE-2662023

CVE-2025-2850

MEDIUM

CVSS:3.5(Low)

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 ...

CWE-2662025

CVE-2025-0797

MEDIUM

CVSS:3.3(Low)

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quar...

CWE-2662025

CVE-2024-10978

MEDIUM

CVSS:4.2(Medium)

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SES...

CWE-2662024

CVE-2024-57967

MEDIUM

CVSS:4.2(Medium)

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.

CWE-2662024