Skip to main content

Agorum Core CVE-2025-52166

MEDIUM
Improper Access Control (CWE-284)
2025-07-18 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
8.1 HIGH

Requires authentication (PR:L, not PR:N as provided); administrator escalation implies full confidentiality and integrity impact over managed data.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:15 vuln.today

DescriptionCVE.org

Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.

AnalysisAI

Privilege escalation in Agorum core open v11.9.2 and v11.10.1 allows authenticated users to elevate their privileges to Administrator level, gaining access to sensitive components and information within the document management platform. The vulnerability stems from incorrect access control (CWE-284), meaning the application fails to properly enforce authorization boundaries between standard user and administrative roles. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS score of 0.20% at the 10th percentile confirms low current exploitation interest, though the impact of gaining full admin access warrants prompt remediation.

Technical ContextAI

Agorum core open is a German-developed enterprise document management system (DMS/ECM). The flaw is classified under CWE-284 (Improper Access Control), indicating the application's authorization logic does not correctly enforce role-based boundaries - a category that frequently manifests as missing server-side privilege checks, insecure direct object references, or bypassable role guards in API endpoints. The vulnerability is tagged 'Authentication Bypass' in the NVD metadata, suggesting the access control enforcement mechanism can be circumvented after initial login to impersonate or assume administrator-level permissions. Affected CPE data is not provided, but the advisory covers specifically v11.9.2 and v11.10.1 of the open edition. The research was disclosed by usd HeroLab, a German vulnerability research group.

Affected ProductsAI

The vulnerability affects Agorum core open version 11.9.2 and version 11.10.1, as confirmed by the vendor disclosure. The product is the open/community edition of the Agorum core document management platform developed by Software GmbH. No CPE strings were provided in the source data. The full advisory and affected version details are published at https://herolab.usd.de/usd-2025-0028/ by usd HeroLab.

RemediationAI

No vendor-released patch version is identified in the available data; the sole reference is the usd HeroLab advisory at https://herolab.usd.de/usd-2025-0028/, which should be consulted for vendor response and fix status. Until a patched release is confirmed, administrators should restrict access to the Agorum core open interface to trusted, strongly-authenticated users only - avoid exposing the platform to the internet or to users without a verified need for access. Disable or remove accounts for external or low-trust users as an interim measure. Implement network-level controls (firewall, VPN requirement) to limit which hosts can reach the application. Review administrator audit logs for any unexpected privilege changes that may indicate prior exploitation. Contact Software GmbH directly for a patched release timeline.

Share

CVE-2025-52166 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy