Full Report
A Missing Authorization vulnerability (CVE-2025-4430) has been found in EZD RP software.
Analysis Summary
# Vulnerability: Missing Authorization in EZD RP leading to Unauthorized API Access
## CVE Details
- CVE ID: CVE-2025-4430
- CVSS Score: Not provided (severity inferred from the technical details: High)
- CWE: CWE-862 (Missing Authorization)
## Affected Systems
- Products: EZD RP software
- Versions: All versions before 20.19 (the fixed version, 20.19, was published on August 22nd, 2024; any build released before that date should be treated as vulnerable)
- Configurations: Not specified; likely applies to default installations.
## Vulnerability Description
A Missing Authorization vulnerability exists in the EZD RP software, specifically within the `/api/Token/gettoken` endpoint. This flaw allows an unauthenticated or improperly authenticated attacker to bypass authorization controls and reach the endpoint, potentially enabling unauthorized file manipulation on the server.
## Exploitation
- Status: Not explicitly stated; a proof of concept is assumed to exist given the responsible disclosure process.
- Complexity: Likely **Low**, since the flaw consists of unauthorized access to a single endpoint (`/api/Token/gettoken`).
- Attack Vector: **Network** (the flaw is reachable through an API endpoint).
## Impact
- Confidentiality: Potential unauthorized access to sensitive information.
- Integrity: Potential file manipulation and unauthorized modifications to system data.
- Availability: Potential denial of service or corruption leading to unavailability, depending on the extent of file manipulation allowed.
## Remediation
### Patches
- Patch Availability: Version 20.19 (published on 22nd August 2024) contains the fix; all users should upgrade immediately.
### Workarounds
- Temporary mitigations were not specified in the source material. Until patching is complete, restrict network access to the API gateway serving EZD RP so that only trusted sources can reach it.
## Detection
- Indicators of Compromise: Look for unexpected or unusual requests to the `/api/Token/gettoken` endpoint originating from unauthorized sources, and monitor for subsequent unexpected file-system changes or operations that correlate with those requests.
- Detection Methods and Tools: API gateway logs, and Web Application Firewalls (WAFs) configured to alert on unauthorized endpoint access attempts.
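As an added illustration of the detection guidance above (example code written for this page, not part of the advisory or of EZD RP): it parses constructed access-log lines, flags `/api/Token/gettoken` requests from addresses outside an assumed internal allowlist, and lists the same source's follow-up requests within a short window so they can be checked against file-system changes. The `10.0.0.0/8` allowlist, the sample addresses and the `/api/Placeholder/...` paths are assumptions; only the gettoken path comes from the advisory.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in common access-log format (not real EZD RP traffic).
# /api/Token/gettoken is the endpoint named in the advisory; the other paths are
# placeholders invented for this example.
SAMPLE_LOG = """\
10.0.5.12 - - [23/Aug/2024:09:14:02 +0200] "POST /api/Token/gettoken HTTP/1.1" 200 312
203.0.113.44 - - [23/Aug/2024:09:15:10 +0200] "POST /api/Token/gettoken HTTP/1.1" 200 312
203.0.113.44 - - [23/Aug/2024:09:15:41 +0200] "PUT /api/Placeholder/write HTTP/1.1" 201 0
10.0.5.12 - - [23/Aug/2024:09:16:40 +0200] "GET /api/Placeholder/list HTTP/1.1" 200 4120
198.51.100.7 - - [23/Aug/2024:09:17:03 +0200] "POST /api/token/GETTOKEN HTTP/1.1" 200 312
"""

# Assumption: legitimate token requests only come from these internal ranges.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.0.0/8")]
TOKEN_ENDPOINT = "/api/token/gettoken"  # matched case-insensitively, query string stripped
FOLLOW_UP_WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):  # returns None for lines that do not match the format
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": ipaddress.ip_address(m["ip"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}

def is_allowed(ip):
    return any(ip in net for net in ALLOWED_SOURCES)

def find_suspicious_token_requests(log_text):
    """Return (ip, iso_timestamp, follow_up_paths) for each gettoken request from an
    address outside ALLOWED_SOURCES, plus that address's requests in the next window."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = []
    for i, e in enumerate(entries):
        if e["path"].split("?", 1)[0].lower() != TOKEN_ENDPOINT or is_allowed(e["ip"]):
            continue
        follow_ups = [f["path"] for f in entries[i + 1:]
                      if f["ip"] == e["ip"] and f["ts"] - e["ts"] <= FOLLOW_UP_WINDOW]
        findings.append((str(e["ip"]), e["ts"].isoformat(), follow_ups))
    return findings

if __name__ == "__main__":
    for ip, ts, follow_ups in find_suspicious_token_requests(SAMPLE_LOG):
        print(f"ALERT {ts} {ip} -> {TOKEN_ENDPOINT}; follow-ups: {follow_ups or 'none'}")
```

Feed real gateway logs in the same format to `find_suspicious_token_requests` and tune `ALLOWED_SOURCES` to the networks that legitimately request tokens; the case-insensitive path comparison keeps variations such as `/api/token/GETTOKEN` from slipping past the filter.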
## References
- Vendor Advisories: Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy (NASK - PIB)
- Relevant Links:
  - CERT Polska Advisory: hxxps://cert.pl/en/news/
  - CVE Record: hxxps://www.cve.org/CVERecord?id=CVE-2025-4430