CVE-2025-29556 Information
Aug 01, 2025
cve
Description
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3 ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Reference
https://github.com/0xsu3ks/CVE-2025-29556 https://www.exagrid.com/
Related CNNVD
CNNVD-202507-3925 (Published: 2025-07-31)
Share on: