CVE-2025-42605 CRITICAL

CVE-2025-42605: Improper Access Control Vulnerability in Meon Bidding Solutions

Vendor Meon
Product Bidding Solutions
Weakness CWE-639 · IDOR
Published April 23, 2025
Last update April 23, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request body to gain unauthorized access to other user accounts. Successful exploitation of this vulnerability could allow a remote attacker to perform authorized manipulation of data associated with other user accounts.

Key dates

02 Disclosure timeline

April 23, 2025 CVE published
April 23, 2025 Record updated