What is the CVSS score of CVE-2025-25618?

CVE-2025-25618 has a CVSS 3.1 base score of 3.3 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of Unifiedtransform are affected by CVE-2025-25618?

CVE-2025-25618 is a low-severity vulnerability involving access control (CVSS 3.3).

Is there a public PoC exploit available for CVE-2025-25618?

Yes, a public proof-of-concept exploit is available for CVE-2025-25618. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-25618?

During next maintenance window: Apply vendor patches when convenient. Verify access control controls are in place.

Unifiedtransform CVE-2025-25618

LOW

Improper Access Control (CWE-284)

2025-03-17 cve@mitre.org

Authentication Bypass Privilege Escalation Unifiedtransform

3.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.3 LOW

AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:31 vuln.today

PoC Detected

Jun 24, 2025 - 14:59 vuln.today

Public exploit code

CVE Published

Mar 17, 2025 - 15:15 nvd

LOW 3.3

DescriptionCVE.org

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.

AnalysisAI

Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. Affected products include: Changeweb Unifiedtransform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-25618 vulnerability details – vuln.today

Back