CVE-2025-0637: Inadequate access control in Beta10

9.8 CVSS

Description

It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’.

Classification

CVE ID: CVE-2025-0637

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Beta10

Product: Beta10

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-21 (when was this score calculated)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-beta10

Timeline

2025-01-24 00:30:55 UTC
CVE

Inadequate access control in Beta10