CVE-2025-4430 HIGH

CVE-2025-4430: Unauthorized file manipulation in EZD RP

Vendor Naukowa I Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy
Product EZD RP
Weakness CWE-862 · Missing authorization
Published May 14, 2025
Last update May 14, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).

Key dates

02 Disclosure timeline

May 14, 2025 CVE published
May 14, 2025 Record updated