Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web app, no user interaction, but requires an authenticated read-only account (PR:L); full compromise of FNMS app yields C/I/A:H with no scope change.
Primary rating from Vendor (flexera).
CVSS VectorVendor: flexera
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level.
AnalysisAI
Privilege escalation in Flexera FlexNet Manager Suite 2025 R1 allows an authenticated user holding only read-only access to account settings to elevate themselves to full Administrator. The flaw is a server-side access-control failure (CWE-284) reachable over the network with low privileges and no user interaction, scoring CVSS 4.0 8.7. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must already hold a valid FNMS 2025 R1 user account that has been granted read-only access to account settings - this specific role is the entry point named in the description. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals point to a real but bounded enterprise risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A contractor or junior SAM analyst who has been granted read-only visibility into FlexNet account settings authenticates to the FNMS web UI and issues a crafted request to the account-settings administrative endpoint that lacks a server-side role check. The server processes the request as if the caller were an Administrator, promoting the attacker's own account, after which they reconfigure SAM integrations, suppress license-noncompliance findings, or exfiltrate entitlement data. … |
| Remediation | Patch available per vendor advisory - consult Flexera's notice at https://community.flexera.com/s/feed/0D5PL00000rJX5K0AW for the fixed FNMS 2025 R1 build and apply it on the FNMS application server following standard change control. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Flexera FlexNet Manager Suite 2025 R1 deployments in your environment; identify and document all read-only account holders; enable comprehensive audit logging for account privilege and permission changes. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Flexnet Manager Suite
View allAn error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon
Unauthorized attachment file access in Flexera FlexNet Manager Suite 2025 R1 and R2 allows authenticated low-privileged
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38010
GHSA-rjpc-35cg-xm5c