CVE-2018-25129 HIGH

CVE-2018-25129: SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints

Vendor Soca Technology Co., Ltd
Product SOCA Access Control System
Weakness CWE-639 · IDOR
Published December 24, 2025
Last update December 24, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

SOCA Access Control System 180612 contains multiple insecure direct object reference (IDOR) vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and PINs through unprotected endpoints such as Get_Permissions_From_DB.php and Ac10_ReadSortCard.

Key dates

02 Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated

Related vulnerabilities

04 Related CVE