How severe is CVE-2025-26658?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2025-26658?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2025-26658 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application.

Related Vulnerabilities

CVE-2018-1492

MEDIUM

CVSS:6.8(Medium)

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: ...

CWE-3842018

CVE-2021-3740

MEDIUM

CVSS:6.8(Medium)

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowin...

CWE-3842021

CVE-2022-3916

MEDIUM

CVSS:6.8(Medium)

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and ...

CWE-3842022

CVE-2023-3394

MEDIUM

CVSS:6.8(Medium)

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.

CWE-3842023

CVE-2024-42170

MEDIUM

CVSS:6.8(Medium)

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

CWE-3842024

CVE-2016-6043

HIGH

CVSS:7.0(High)

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

CWE-3842016