CVE-2025-49851 HIGH

CVE-2025-49851: Improper Authentication in ControlID iDSecure On-premises

Vendor Controlid
Product iDSecure On-premises
Weakness CWE-287 · Improper authentication
Published June 24, 2025
Last update June 27, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.

Key dates

02Disclosure timeline

June 24, 2025 CVE published
June 27, 2025 Record updated