CNNVD-202508-3107 Information

CNNVD ID

CNNVD-202508-3107

Related CVE

CVE-2025-8700

• CNNVD Published: 2025-08-26

Description (Chinese)

Invoice Ninja是Invoice Ninja开源的一个具有发票、报价、项目和时间跟踪功能的应用程序。 Invoice Ninja 5.0.175之前版本存在安全漏洞，该漏洞源于调试工具授权不当，可能导致本地攻击者读取或修改进程内存。

Description (English)

Invoice Ninja is an application with invoice, quotation, project and time-tracking functions from the open source of Invoice Ninja. There was a security loophole in the pre-Ivoice Ninja 5.0.175 version, which stemmed from the inappropriate authorization of the debugging tool, which could lead local assailants to read or modify the memory of the process.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Invoice Ninja

Published

2025-08-26

Last Modified

2026-02-24

References

https://invoiceninja.com/ https://cert.pl/en/posts/2025/08/tcc-bypass/ https://nvd.nist.gov/vuln/detail/CVE-2025-8700