Vulnerability in OXARI ServiceDesk software

CVE ID	CVE-2025-1542
Publication date	26 March 2025
Vendor	Infonet Projekt SA
Product	OXARI ServiceDesk
Vulnerable versions	All before 2.0.324.0
Vulnerability type (CWE)	Incorrect Authorization (CWE-863)
Report source	Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in Infonet Projekt SA OXARI ServiceDesk software and participated in coordination of its disclosure.

Improper permission control vulnerability CVE-2025-1542 in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.

This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

Credits

We thank Robert Jaroszuk - Penetration Tester @ Lufthansa Systems Poland for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.