CVE-2025-1542 CRITICAL

CVE-2025-1542: Improper permission control in OXARI ServiceDesk

Vendor Infonet Projekt Sa
Product OXARI ServiceDesk
Weakness CWE-425 · Forced browsing
Published March 26, 2025
Last update October 3, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

Key dates

02 Disclosure timeline

March 26, 2025 CVE published
October 3, 2025 Record updated