Xinhu RockOA index.php publicsaveAjax improper authorization_CVE-2025-9602

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-9602

Source VulDB

Published Aug 29, 2025 at 01:02

Affected Product

Vendor Xinhu

Product RockOA

Version 2.6.0

Affected Versions Xinhu RockOA 2.6.0
Xinhu RockOA 2.6.1
Xinhu RockOA 2.6.2
Xinhu RockOA 2.6.3
Xinhu RockOA 2.6.4
Xinhu RockOA 2.6.5
Xinhu RockOA 2.6.6
Xinhu RockOA 2.6.7
Xinhu RockOA 2.6.8
Xinhu RockOA 2.6.9

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
    "published": "2025-08-29T01:02:10.988Z",
    "modified": "2025-08-29T01:02:10.988Z",
    "type": "cve",
    "title": "Xinhu RockOA index.php publicsaveAjax improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321778\nhttps://vuldb.com/?ctiid.321778\nhttps://vuldb.com/?submit.636383\nhttps://github.com/rainrocka/xinhu/issues/9\nhttps://github.com/rainrocka/xinhu/issues/9#issue-3327894144",
    "id": "CVE-2025-9602",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Xinhu RockOA 2.6.0\nXinhu RockOA 2.6.1\nXinhu RockOA 2.6.2\nXinhu RockOA 2.6.3\nXinhu RockOA 2.6.4\nXinhu RockOA 2.6.5\nXinhu RockOA 2.6.6\nXinhu RockOA 2.6.7\nXinhu RockOA 2.6.8\nXinhu RockOA 2.6.9",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RockOA",
    "version": "2.6.0",
    "vendor": "Xinhu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}