CVE ID | CVE-2025-4430 |
Publication date | 14 May 2025 |
Vendor | Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy |
Product | EZD RP |
Vulnerable versions | All before 20.19 |
Vulnerability type (CWE) | Missing Authorization (CWE-862) |
Report source | NASK own research |
Description
CERT Polska has received a report about a vulnerability in EZD RP software developed by NASK - PIB and participated in the coordination of its disclosure.
Vulnerability CVE-2025-4430: Unauthorized access to the /api/Token/gettoken endpoint in EZD RP allows file manipulation.
This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).
Credits
We thank Jakub Płatek (NASK-PIB) for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.