CNNVD-202507-2915 Information

Jul 22, 2025 cve

CNNVD ID

CNNVD-202507-2915

CVE-2025-31513

CNNVD Published: 2025-07-22

Description (Chinese)

Alert Enterprise Guardian是美国Alert Enterprise开源的一款实物身份与访问管理系统。 Alert Enterprise Guardian 4.1.14.2.2.1版本存在安全漏洞，该漏洞源于通过Request%20Building%20Access requestSubmit API调用中的IsAdminApprover参数提升至管理员权限。

Description (English)

Alert Enterprise Guardian is a physical identity and access management system for the United States of America’s Alert Enterprise open source. Alert Enterprise Guardian 4.1.14.2.2.1 has a security loophole, which originates from raising the IsAdminApprover parameter called through ReQest %20Building %20Access requestSubmit API to administrator privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Alert Enterprise

Published

2025-07-22

Last Modified

2026-02-24

References

https://alertenterprise.com/switch-to-guardian/ https://alertenterprise.screenstepslive.com/a/1969949-alertenterprise-security-advisory-july-2025 https://x.com/pand0rausa/status/1947477020809826359 https://nvd.nist.gov/vuln/detail/CVE-2025-31513 https://access.redhat.com/security/cve/cve-2025-31513

Share on: