Full Report
An Incorrect Authorization vulnerability (CVE-2025-1542) has been found in Infonet Projekt SA's OXARI ServiceDesk software.
Analysis Summary
# Vulnerability: Incorrect Authorization in OXARI ServiceDesk
## CVE Details
- CVE ID: CVE-2025-1542
- CVSS Score: Not provided in the source. Guest-to-admin privilege escalation in an application reachable by ordinary users would normally be rated **High**, but that is an estimate, not a published score.
- CWE: CWE-863 (Incorrect Authorization)
## Affected Systems
- Products: Infonet Projekt SA OXARI ServiceDesk
- Versions: All versions before 2.0.324.0
- Configurations: Not specified beyond the product installation.
## Vulnerability Description
The OXARI ServiceDesk application enforces permissions incorrectly (CWE-863, Incorrect Authorization). An attacker holding only guest access or a standard unprivileged account can bypass the intended access controls and potentially obtain administrative permissions within the application. The source does not describe the underlying mechanism of the flaw.
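The defect class is easier to reason about with a concrete contrast. The following is an added illustration of CWE-863 in general, written for this page; it is not OXARI ServiceDesk code, whose authorization logic the source does not describe. The `Session` type, the user store and the function names are constructed for the example. The vulnerable variant decides on a role value the client sends; the hardened variant decides only on what the server already knows about the caller.

```python
"""Generic CWE-863 (Incorrect Authorization) illustration.

Added example, not vendor code: the source does not describe how OXARI
ServiceDesk makes its authorization decision. Session, the user store
and the function names are constructed for this illustration.
"""
from dataclasses import dataclass
from typing import Dict

ROLES = ("guest", "user", "admin")


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the operation."""


@dataclass
class Session:
    user_id: str
    role: str  # role the server recorded at login time


def change_role_vulnerable(users: Dict[str, Dict[str, str]], session: Session, request: dict) -> str:
    """Authorization decided on client-supplied input (the defect).

    The check reads 'actor_role' from the request body, so a guest who
    sends actor_role=admin passes it and can promote any account,
    including their own. Nothing the server knows about the caller
    (the session) is consulted.
    """
    if request.get("actor_role") != "admin":
        raise Forbidden("admin role required")
    users[request["target"]]["role"] = request["new_role"]
    return users[request["target"]]["role"]


def change_role_hardened(users: Dict[str, Dict[str, str]], session: Session, request: dict) -> str:
    """Authorization decided on server-side state only.

    The caller's role is re-read from the user store keyed by the
    session's user id; request fields are untrusted input that is
    validated but never used for the decision. Re-reading the store
    instead of trusting session.role also means a session opened before
    a demotion loses admin rights immediately.
    """
    actor = users.get(session.user_id)
    if actor is None or actor["role"] != "admin":
        raise Forbidden("admin role required")
    target, new_role = request.get("target"), request.get("new_role")
    if target not in users:
        raise ValueError("unknown target user")
    if new_role not in ROLES:
        raise ValueError("unknown role")
    users[target]["role"] = new_role
    return new_role


def denied(fn, users, session, request) -> bool:
    """True if fn refuses the operation with Forbidden (helper for checks)."""
    try:
        fn(users, session, request)
    except Forbidden:
        return True
    return False


def fresh_store() -> Dict[str, Dict[str, str]]:
    """Constructed user store for the demonstration."""
    return {
        "alice": {"role": "guest"},
        "bob": {"role": "user"},
        "root": {"role": "admin"},
    }


if __name__ == "__main__":
    guest = Session("alice", "guest")
    escalate = {"actor_role": "admin", "target": "alice", "new_role": "admin"}
    print("vulnerable:", change_role_vulnerable(fresh_store(), guest, escalate))
    print("hardened denies guest:", denied(change_role_hardened, fresh_store(), guest, escalate))
```

The check to carry over to a real review of any CWE-863 finding is the same as in the hardened function: every authorization decision must be keyed on an identity the server established itself, and any role-like field arriving in the request is data to validate, not evidence.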
## Exploitation
- Status: No information on exploitation in the wild; no public PoC is mentioned.
- Complexity: Not published. The only stated precondition is a guest or unprivileged account, which in CVSS terms is a privileges-required factor (PR:L), not attack complexity; CVSS v3 and v4 rate complexity only as Low or High, and nothing in the source suggests conditions outside the attacker's control.
- Attack Vector: Not published. A service desk application is normally reached over the network, so **Network** is the expected vector wherever the interface is exposed; **Adjacent** applies only if access is restricted to a local segment.
## Impact
- Confidentiality: Potential unauthorized access to sensitive system data.
- Integrity: Potential unauthorized modification of system configuration or user data.
- Availability: Potential service disruption if an attacker gains administrative control and misconfigures the system.
## Remediation
### Patches
- Patch Version: 2.0.324.0 (or later)
### Workarounds
- No workarounds are given in the source. Until the patch is applied, reduce exposure with the usual compensating controls: restrict network access to the ServiceDesk interface to trusted segments, limit or disable guest and self-service accounts where the deployment allows it, and review administrative group membership for accounts that should not hold it.
## Detection
- No detection guidance is given in the source. Audit logs are the practical signal: look for sessions that authenticated as guest or unprivileged users and later perform administrative actions, and for role or permission changes whose actor and target are the same low-privilege account.
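The checks above, run over sample audit lines, as an added example that is not part of the original report or of the vendor's tooling. The log format is constructed for the illustration: OXARI ServiceDesk's real audit format is not described in the source, so the field names (`sid`, `user`, `role`, `action`, `target`, `new_role`) and the `ADMIN_ACTIONS` set are assumptions to be mapped onto the product's own logs.

```python
"""Detection sketch for guest-to-admin escalation in a service desk audit log.

Added example, not vendor code. The log format, field names and
ADMIN_ACTIONS are constructed assumptions; adapt them to the real
product's audit output.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Actions that should only ever come from an administrative session (assumed set).
ADMIN_ACTIONS = {"set_role", "create_user", "delete_user", "edit_config"}

KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample: session 'abc' logs in as guest and ends up running
# admin actions; session 'def' is a legitimate admin doing admin work.
SAMPLE_LOG = """\
2025-02-20T10:00:01Z sid=abc user=alice role=guest action=login
2025-02-20T10:00:05Z sid=abc user=alice role=guest action=view_ticket id=12
2025-02-20T10:00:09Z sid=abc user=alice role=admin action=set_role target=alice new_role=admin
2025-02-20T10:00:12Z sid=abc user=alice role=admin action=create_user target=mallory
2025-02-20T10:01:00Z sid=def user=bob role=admin action=login
2025-02-20T10:01:10Z sid=def user=bob role=admin action=set_role target=carol new_role=user
"""

Finding = Tuple[str, str, str]  # (session id, user, reason)


def parse_line(line: str) -> Dict[str, str]:
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp is kept under 'ts'."""
    ts, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = ts
    return ev


def find_escalations(lines: Iterable[str]) -> List[Finding]:
    """Apply three rules per event and return every hit.

    Rule 1: the role attached to a session changes without a new login.
    Rule 2: an administrative action on a session that did not log in as admin.
    Rule 3: a user sets their own role, whatever the session's baseline.
    """
    login_role: Dict[str, str] = {}  # role the session authenticated with
    last_role: Dict[str, str] = {}   # role most recently seen on the session
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ev = parse_line(line)
        sid, user, role = ev["sid"], ev["user"], ev["role"]
        action = ev.get("action", "")
        if action == "login" or sid not in login_role:
            # A login, or the first sighting of a session in a window that
            # starts mid-session, establishes the baseline role. The
            # mid-session case is a caveat: a window that opens after the
            # escalation cannot see rule 1 fire for it.
            login_role[sid] = role
            last_role[sid] = role
            if action == "login":
                continue
        if role != last_role[sid]:
            findings.append((sid, user, f"role changed mid-session from {last_role[sid]} to {role}"))
            last_role[sid] = role
        if action in ADMIN_ACTIONS and login_role[sid] != "admin":
            findings.append((sid, user, f"{action} from session that logged in as {login_role[sid]}"))
        if action == "set_role" and ev.get("target") == user:
            findings.append((sid, user, f"self-assigned role {ev.get('new_role')}"))
    return findings


if __name__ == "__main__":
    for sid, user, reason in find_escalations(SAMPLE_LOG.splitlines()):
        print(sid, user, reason)
```

Rules 1 and 3 are the ones worth keeping even if the product has no clean "admin action" list: a role that changes inside a session, or an account granting itself a role, is suspicious regardless of what else the session did.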
## References
- Vendor advisories: None linked in the source; the disclosure was coordinated by CERT Polska.
- Relevant links - defanged:
- CERT Polska Report: hxxps://cert.pl/en/news/
- CVE Lookup: hxxps://www.cve.org/CVERecord?id=CVE-2025-1542
- CWE Detail: hxxps://cwe.mitre.org/data/definitions/863.html