Home

Description

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint

PUBLISHED Reserved 2025-02-07 | Published 2025-03-12 | Updated 2025-03-12 | Assigner mitre




HIGH: 8.8CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N

References

github.com/...ulnerability-research/tree/main/CVE-2025-25710

cve.org (CVE-2025-25711)

nvd.nist.gov (CVE-2025-25711)

Download JSON