CVE Vulnerabilities

CVE-2025-47226

Direct Request ('Forced Browsing')

Published: May 02, 2025 | Modified: Jun 03, 2025
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

Weakness

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Affected Software

Name Vendor Start Version End Version
Snipe-it Snipeitapp * 8.1.0 (excluding)

Potential Mitigations

References