How to fix CVE-2025-43947?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Klims affected by CVE-2025-43947?

CVE-2025-43947 presents moderate security risk, a improper access control vulnerability rated CVSS 7.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available, increasing the risk of exploitation.

Klims CVE-2025-43947

HIGH

Improper Access Control (CWE-284)

2025-04-22 [email protected]

Authentication Bypass Klims

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:38 vuln.today

PoC Detected

Jun 23, 2025 - 17:59 vuln.today

Public exploit code

CVE Published

Apr 22, 2025 - 18:16 nvd

HIGH 7.3

DescriptionNVD

AnalysisAI

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc. Affected products include: Codemers Klims.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-43947 vulnerability details – vuln.today

Back