CVE-2025-13808 | orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1 User Profile UserController.java update ID improper authorization

A vulnerability, which was classified as critical, has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization.

This vulnerability is tracked as CVE-2025-13808. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13808 | orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1 User Profile UserController.java update ID improper authorization

Post correlati

CVE-2024-38425 | Qualcomm Snapdragon Mobile up to WSA8835 improper authorization

CVE-2023-43543 | Qualcomm Snapdragon Auto/Snapdragon Wearables Audio use after free

CVE-2024-13273 | Drupal Open Social up to 12.3.7/12.4.4 cross site scripting

CVE-2024-41686 | SyroTech SY-GPON-1110-WDONT 3.1.02-231102 incorrect behavior order: early validation (CIVN-2024-0225)