CVE-2021-25991 MEDIUM

CVE-2021-25991: ifme - Improper Access Control leads to admin deactivation

Vendor Ifmeorg
Product ifme
Weakness CWE-284
Published December 29, 2021
Last update April 30, 2025

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

In Ifme, versions v5.0.0 to v7.32 are vulnerable to improper access control: admins can ban themselves, which deactivates their Ifme account and results in complete loss of admin access to Ifme.

Key dates

02 Disclosure timeline

December 29, 2021 CVE published
April 30, 2025 Record updated