Impact
This vulnerability arises from improper access control in MIA Technology Inc.'s Pizzy Library. Misconfigured security level settings allow an attacker to bypass authorization checks and gain unauthorized access to protected functions or data, potentially compromising confidentiality and integrity.
Affected Systems
The affected product is MIA Technology Inc.'s Pizzy Library in all releases from version 1.0.0.26250 up to, but not including, 1.3.9.26250. Systems that integrate or embed any of these library versions are at risk. No other vendors or products are known to be affected.
Risk and Exploitability
The CVSS score of 7.1 classifies this issue as high severity. The EPSS score is < 1%, and the vulnerability is not listed in the CISA KEV catalog, so public exploitation is not confirmed. Nonetheless, the flaw requires that input be accepted without proper authorization checks, which the library performs internally. An attacker with the ability to influence the library’s input path or configuration—such as through a web interface, API, or internal process—could potentially gain unauthorized access. The risk level remains high because the flaw directly enables the bypassing of authentication controls, though exploitable scenarios may require some configuration context.
OpenCVE Enrichment