exploitDog

CVE-2025-52669

Опубликовано: 20 нояб. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.

Ссылки

https://hackerone.com/reports/3401464
Exploit
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/3401464
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

Версия до 5.5.2 (включая)

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.0.1 (включая)

EPSS

Процентиль: 1%

0.00012

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-8xf9-935r-5f85

CVSS3: 4.3

github

3 месяца назад

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.

EPSS

Процентиль: 1%

0.00012

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200