ByteOS Network

Vulnerability Details :

CVE-2025-1575

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-23 Feb, 2025 | 04:00

Updated At-24 Feb, 2025 | 12:21

Harpia DiagSystem atualatendimento_jpeg.php resource injection

A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:23 Feb, 2025 | 04:00

Updated At:24 Feb, 2025 | 12:21

▼CVE Numbering Authority (CNA)

Harpia DiagSystem atualatendimento_jpeg.php resource injection

Affected Products

Vendor

Harpia

Product

DiagSystem

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-99	Improper Control of Resource Identifiers

Type: CWE

CWE ID: CWE-99

Description: Improper Control of Resource Identifiers

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.0	4.0	N/A	AV:N/AC:L/Au:S/C:P/I:N/A:N

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Version: 2.0

Base score: 4.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:N

Credits

reporter

Samuel Jesus (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-02-22 00:00:00
VulDB entry created	2025-02-22 01:00:00
VulDB entry last update	2025-02-22 11:35:09

Event: Advisory disclosed

Date: 2025-02-22 00:00:00

Event: VulDB entry created

Date: 2025-02-22 01:00:00

Event: VulDB entry last update

Date: 2025-02-22 11:35:09

References

Hyperlink	Resource
https://vuldb.com/?id.296550	vdb-entry technical-description
https://vuldb.com/?ctiid.296550	signature permissions-required
https://vuldb.com/?submit.497083	third-party-advisory
https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing	exploit

Hyperlink: https://vuldb.com/?id.296550

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.296550

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.497083

Resource:

third-party-advisory

Hyperlink: https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing

Resource:

exploit

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:23 Feb, 2025 | 04:15

Updated At:23 Feb, 2025 | 04:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Secondary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-99	Primary	cna@vuldb.com

CWE ID: CWE-99

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.296550	cna@vuldb.com	N/A
https://vuldb.com/?id.296550	cna@vuldb.com	N/A
https://vuldb.com/?submit.497083	cna@vuldb.com	N/A

Hyperlink: https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.296550

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.296550

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.497083

Source: cna@vuldb.com

Resource: N/A

Similar CVEs

5Records found

CVE-2025-9263

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 8.21%

7 Day CHG~0.00%

Published-20 Aug, 2025 | 23:02

Updated-22 Aug, 2025 | 18:09

Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor-Xuxueli

Product-xxl-job

CWE ID-CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CVE-2025-8793

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 7.39%

7 Day CHG~0.00%

Published-10 Aug, 2025 | 04:02

Updated-13 Aug, 2025 | 16:15

LitmusChaos Litmus resource injection

A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-LitmusChaos

Product-Litmus

CWE ID-CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CVE-2025-3405

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.05% / 15.89%

7 Day CHG~0.00%

Published-08 Apr, 2025 | 03:31

Updated-08 Apr, 2025 | 18:24

FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection

A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDER_ID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-FCJ Venture Builder

Product-appclientefiel

CWE ID-CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CVE-2025-2125

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 6.71%

7 Day CHG~0.00%

Published-09 Mar, 2025 | 16:00

Updated-24 Mar, 2025 | 13:55

Control iD RH iD PDF Document companyId resource injection

A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of resource identifiers. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-assaabloy Control iD

Product-control_id_rhid RH iD

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CWE ID-CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CVE-2025-1642

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.05% / 13.62%

7 Day CHG~0.00%

Published-25 Feb, 2025 | 00:31

Updated-25 Feb, 2025 | 14:38

Benner ModernaNet GetImageMedico resource injection

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Vendor-Benner

Product-ModernaNet

CWE ID-CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

CVE-2025-1575

Credits

Harpia DiagSystem atualatendimento_jpeg.php resource injection

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs