Skip to main content

Agorum Core CVE-2025-52168

MEDIUM
Improper Access Control (CWE-284)
2025-07-18 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
7.5 HIGH

Arbitrary file read on an ECM server warrants C:H; no write capability is described, so I:N; unauthenticated network access confirmed by description and PR:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:17 vuln.today

DescriptionCVE.org

Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.

AnalysisAI

Unauthenticated arbitrary file read in Agorum Core open v11.9.2 and v11.10.1 exposes the underlying filesystem to any network-accessible attacker via the dynawebservice component. The access control failure (CWE-284) requires no authentication, no user interaction, and no special configuration - any exposed instance of these two specific versions is vulnerable. No public exploit code or CISA KEV listing exists at time of analysis, but the zero-prerequisite network vector makes this trivially exploitable once an attacker identifies the endpoint, and the ECM context means sensitive documents, credentials, and configuration files are likely stored on the affected system.

Technical ContextAI

Agorum Core is an open-source enterprise content management (ECM) system developed by agorum Software GmbH, designed for document management and workflow automation. The affected component, dynawebservice, is a web service interface exposed by the platform for programmatic access. CWE-284 (Improper Access Control) identifies the root cause as a missing or bypassable authorization enforcement layer on file retrieval operations within this endpoint - the service does not verify whether the requestor is authenticated before serving file contents. This class of flaw typically arises from authentication middleware being applied inconsistently across route handlers, or from a dedicated endpoint that was designed for internal use but inadvertently exposed without access controls. Affected versions are confirmed as v11.9.2 and v11.10.1; no CPE strings were provided in the available data.

Affected ProductsAI

Agorum Core open version 11.9.2 and version 11.10.1, developed by agorum Software GmbH, are confirmed affected through the dynawebservice component. No CPE strings were included in the available intelligence data. Other versions of Agorum Core are not confirmed affected or unaffected by the available data and should be assessed against the vendor advisory. The usd HeroLab security advisory at https://herolab.usd.de/security-advisories/usd-2025-0022/ is the primary reference for authoritative affected version scope.

RemediationAI

Consult the usd HeroLab advisory at https://herolab.usd.de/security-advisories/usd-2025-0022/ as the authoritative source for patch details - no explicit patched version number was present in the available intelligence data, so a confirmed fixed release cannot be cited here. As an immediate compensating control, restrict network access to the dynawebservice endpoint using a reverse proxy, WAF rule, or firewall ACL to permit only trusted internal IP ranges; note that this may break legitimate API integrations relying on dynawebservice and should be tested before broad deployment. If the dynawebservice component is not actively used in your environment, disabling or removing it eliminates the attack surface entirely without impacting core ECM functionality, though dependent automation workflows must be inventoried first. For internet-facing deployments that cannot be patched or isolated immediately, placing the Agorum instance behind a VPN gateway is the highest-impact temporary control, preventing unauthenticated public access entirely.

Share

CVE-2025-52168 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy