CVE-2025-61075 · HIGH 8.1 · EPSS p36.0%

Description

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.45% probability of exploitation · percentile 36.0% · 2026-06-18T12:00:27Z
Published: 2025-12-09
Last modified: 2025-12-12

Underlying weaknesses · 1

CWE-639

References

  1. https://no-sec.net/posts/cve-2025-61075/
  2. https://www.adata.de/mitarbeiter-portal/

Type: Weakness
Target: Authorization Bypass Through User-Controlled Key (cwe-639)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-30416
CVE: CVE-2025-30411
CVE: CVE-2025-30412
CVE: CVE-2025-0070
CVE: CVE-2025-30410
CVE: CVE-2025-12871

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.