CVE-2025-25497

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-602
View all →

Vulnerability Description

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or away from any user.

Related Vulnerabilities

CVE-2023-23570

HIGH
CVSS:8.1(High)

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre ...

CWE-6022023

CVE-2021-36338

HIGH
CVSS:8.0(High)

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and...

CWE-6022021

CVE-2022-31233

HIGH
CVSS:8.0(High)

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and acc...

CWE-6022022

CVE-2021-21531

HIGH
CVSS:7.8(High)

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform un...

CWE-6022021

CVE-2024-39870

HIGH
CVSS:7.8(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated use...

CWE-6022024

CVE-2024-44106

HIGH
CVSS:7.8(High)

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

CWE-6022024