CVE-2025-27893 LOW

CVE-2025-27893

Vendor Archer
Product Archer
Weakness CWE-472
Published March 11, 2025
Last update August 8, 2025

CVSS base score

1.8/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NOTE: the Supplier analyzed the reported exploitation steps and found that, although the user can modify the immutable field, upon switching to View mode the field is reverted to its original value, without anything being saved to the database (and consequently there is no impact).

Key dates

02Disclosure timeline

March 11, 2025 CVE published
August 8, 2025 Record updated