CVE-2025-26138 Information

Description

Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.

Reference

https://github.com/Arakiba/CVEs/tree/main/CVE-2025-26138