CRITICAL🇵🇱 Wersja polska

CVE-2025-25535

CVSS 9.8v3.1pub. 2025-03-26upd. 2026-04-15

HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

🤖 AI Analysis
How it works

The attacker sends a properly crafted HTTP request, which causes manipulation of the server response (HTTP Response Manipulation). The error classified as CWE-276 (Incorrect Default Permissions) suggests that the permission control mechanism in the application is not properly enforced, which allows bypassing access restrictions. As a result, an unauthenticated remote attacker can obtain a higher privilege level than they are entitled to.

Impact

An attacker can obtain unauthorized privilege escalation in the SCRIPT CASE application, which based on the CVSS score indicating complete violation of confidentiality, integrity and availability may result in complete takeover of the application.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor official SCRIPT CASE vendor channels and resources indicated in the references (GitHub and besafebrasil.com.br) to obtain information about available updates.

Who is affected

SCRIPT CASE v.1.0.002 Build7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References