Inadequate access control in Beta10

Posted date 22/01/2025
Identifier
INCIBE-2025-0031
Importance
5 - Critical
Affected Resources
  • Beta10 software
Description

INCIBE has coordinated the publication of a critical severity vulnerability affecting Beta10 software - a suite designed specifically for fire extinguisher management, facilities management, security and surveillance companies - which was discovered by David Utón Amaya.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-0637: CVSS v3.1: 9.8 | CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-287
Solution

The vulnerability has been fixed by the Beta10 team in the latest version of the application.

Detail

CVE-2025-0637: Beta10 software has been found not to enforce proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified in at least the file or path ‘/app/tools.html’.
