CVE ID | CVE-2025-1542 |
Publication date | 26 March 2025 |
Vendor | Infonet Projekt SA |
Product | OXARI ServiceDesk |
Vulnerable versions | All before 2.0.324.0 |
Vulnerability type (CWE) | Incorrect Authorization (CWE-863) |
Report source | Report to CERT Polska |
Description
CERT Polska has received a report about a vulnerability in Infonet Projekt SA OXARI ServiceDesk software and participated in the coordination of its disclosure.
The improper permission control vulnerability CVE-2025-1542 in the OXARI ServiceDesk application could allow an attacker using guest access or an unprivileged account to gain additional administrative permissions in the application.
This issue affects OXARI ServiceDesk in versions before 2.0.324.0.
Credits
We thank Robert Jaroszuk - Penetration Tester @ Lufthansa Systems Poland for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.