What is the CVSS score of EUVD-2025-201240?

EUVD-2025-201240 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Platform are affected by EUVD-2025-201240?

A high-severity access control flaw in the orderService component of platform v1.0.0 exposes sensitive information to unauthenticated or unauthorized attackers through crafted requests.

How to fix or mitigate EUVD-2025-201240?

Within 24 hours: Isolate affected platform instances from production or restrict network access to trusted IPs only; notify security team to monitor for exploitation attempts. Within 7 days: Implement WAF rules to block malicious orderService.queryObject requests; apply input validation and rate limiting; conduct forensic review of access logs for unauthorized queries. Within 30 days: Coordinate with vendor on patch timeline; evaluate architectural alternatives (API gateway enforcement, network segmentation); complete full security assessment of platform v1.0.0 components.

Platform EUVD-2025-201240

| CVE-2025-57213 HIGH

Improper Access Control (CWE-284)

2025-12-04 cve@mitre.org

Authentication Bypass Platform

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201240

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 16:16 nvd

HIGH 7.5

DescriptionCVE.org

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Analysis

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

EUVD-2025-201240 vulnerability details – vuln.today

Back

Platform EUVD-2025-201240

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code