CVE 8.8 HIGH

CVE-2025-64062_CVE-2025-64062

November 26, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., [email protected]), an attacker can assume the session and gain full access to the target user's data and privileges. Also, if the email parameter is left blank, the application defaults to the first user in the list, who is typically the application administrator, resulting in an immediate Privilege Escalation to the highest level.

AI Analysis

Privilege Escalation vulnerability in Primakon Pi Portal due to improper server-side validation

Basic Information

ID CVE-2025-64062

Source mitre

Published Nov 25, 2025 at 00:00

Modified Nov 26, 2025 at 14:33

Affected Product

Vendor Primakon

Product Primakon Pi Portal

Version 1.0.18

Affected Versions n/a n/a n/a

CWE Classification

CWE-285

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Primakon

Product Primakon Pi Portal

Version 1.0.18

References

{
    "lastseen": "",
    "description": "The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., [email protected]), an attacker can assume the session and gain full access to the target user's data and privileges. Also, if the email parameter is left blank, the application defaults to the first user in the list, who is typically the application administrator, resulting in an immediate Privilege Escalation to the highest level.",
    "published": "2025-11-25T00:00:00.000Z",
    "modified": "2025-11-26T14:33:07.025Z",
    "type": "cve",
    "title": "CVE-2025-64062",
    "source": "mitre",
    "references": "https://www.primakon.com/rjesenja/primakon-pcm/\nhttps://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64062.md",
    "id": "CVE-2025-64062",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Primakon Pi Portal",
    "version": "1.0.18",
    "vendor": "Primakon",
    "ai_description": "Privilege Escalation vulnerability in Primakon Pi Portal due to improper server-side validation",
    "ai_severity": "High",
    "ai_vendor": "Primakon",
    "ai_product": "Primakon Pi Portal",
    "ai_version": "1.0.18",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply