CNNVD-202507-2914 Information

Jul 22, 2025 cve

CNNVD ID

CNNVD-202507-2914

CVE-2025-31512

CNNVD Published: 2025-07-22

Description (Chinese)

Alert Enterprise Guardian是美国Alert Enterprise开源的一款实物身份与访问管理系统。 Alert Enterprise Guardian 4.1.14.2.2.1版本存在安全漏洞，该漏洞源于通过Request%20Building%20Access requestSubmit API调用中的isAddedByApprover绕过经理审批。

Description (English)

Alert Enterprise Guardian is a physical identity and access management system for the United States of America’s Alert Enterprise open source. Alert Enterprise Guardian 4.1.4.2.2.1 has a security loophole, which stems from the fact that it is being called through Request %20Building %20Access requestSubmit API that is being bypassed by the manager.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Alert Enterprise

Published

2025-07-22

Last Modified

2026-02-24

References

https://alertenterprise.com/switch-to-guardian/ https://alertenterprise.screenstepslive.com/a/1969949-alertenterprise-security-advisory-july-2025 https://x.com/pand0rausa/status/1947477020809826359 https://nvd.nist.gov/vuln/detail/CVE-2025-31512 https://access.redhat.com/security/cve/cve-2025-31512

Share on: