CVE-2025-8049 - Vulnerability Details - OpenCVE

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.

This issue affects Flipper: 3.1.2.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530

History

Mon, 20 Oct 2025 20:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 20 Oct 2025 20:00:00 +0000

Type	Values Removed	Values Added
Description		Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2.
Title		Insufficient Access Control vulnerability has been discovered in OpenText Flipper.
Weaknesses		CWE-1220
References		https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530
Metrics		cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2025-10-20T19:56:20.291Z

Updated: 2025-10-20T20:15:29.819Z

Reserved: 2025-07-22T13:06:51.321Z

Link: CVE-2025-8049

Vulnrichment

Updated: 2025-10-20T20:15:26.627Z

NVD

Status : Received

Published: 2025-10-20T20:15:38.173

Modified: 2025-10-20T20:15:38.173

Link: CVE-2025-8049

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8049", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2025-07-22T13:06:51.321Z", "datePublished": "2025-10-20T19:56:20.291Z", "dateUpdated": "2025-10-20T20:15:29.819Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Flipper", "vendor": "opentext", "versions": [{"status": "affected", "version": "3.1.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. <span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could allow a low-privilege user to elevate privileges within the application.</span>\n\n<p>This issue affects Flipper: 3.1.2. </p>"}], "value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "CWE-1220 Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-10-20T19:56:20.291Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530</a><br>"}], "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530"}], "source": {"discovery": "UNKNOWN"}, "title": "Insufficient Access Control vulnerability has been discovered in OpenText Flipper.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-20T20:15:22.931703Z", "id": "CVE-2025-8049", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T20:15:29.819Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-20T20:15:22.931703Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T20:15:26.627Z"}}], "cna": {"title": "Insufficient Access Control vulnerability has been discovered in OpenText Flipper.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 2.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "opentext", "product": "Flipper", "versions": [{"status": "affected", "version": "3.1.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530</a><br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2.", "supportingMedia": [{"type": "text/html", "value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. <span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could allow a low-privilege user to elevate privileges within the application.</span>\n\n<p>This issue affects Flipper: 3.1.2. </p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1220", "description": "CWE-1220 Insufficient Granularity of Access Control"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-10-20T19:56:20.291Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8049", "state": "PUBLISHED", "dateUpdated": "2025-10-20T20:15:29.819Z", "dateReserved": "2025-07-22T13:06:51.321Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2025-10-20T19:56:20.291Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2."}], "id": "CVE-2025-8049", "lastModified": "2025-10-20T20:15:38.173", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2025-10-20T20:15:38.173", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0850530"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "security@opentext.com", "type": "Primary"}]}