CVE-2025-42605
Improper Access Control Vulnerability in Meon Bidding Solutions
In short
Meon Bidding Solutions has a flaw in its API that fails to properly check who should access certain functions. An authenticated user can trick the system by changing request parameters to access and modify other people's accounts without permission.
Technical detail
A CWE-639 improper authorization vulnerability exists in the API endpoints that handle initiation, modification, and cancellation operations. An authenticated remote attacker can manipulate request body parameters to bypass access controls and perform unauthorized operations on other users' accounts. The impact includes unauthorized data manipulation across multiple user contexts.
Summary generated and translated by AI from the official description.
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request body to gain unauthorized access to other user accounts.
Successful exploitation of this vulnerability could allow a remote attacker to perform unauthorized manipulation of data associated with other user accounts.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
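The description above is the classic CWE-639 shape: the server decides whose bid is being acted on from a client-supplied body field instead of the authenticated session. The following is an added illustration, not Meon's code; the bid store, the `user_id`/`bid_id` field names and the cancel handler are all constructed for this example. It shows the vulnerable check beside the corrected one.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not act on the requested bid."""


@dataclass
class Bid:
    bid_id: int
    owner_id: int
    status: str = "open"


def make_store() -> dict:
    """Constructed sample data: user 1 owns bid 101, user 2 owns bid 202."""
    return {101: Bid(101, owner_id=1), 202: Bid(202, owner_id=2)}


def cancel_bid_vulnerable(store: dict, session_user_id: int, body: dict) -> Bid:
    """CWE-639 pattern: the ownership check compares against body["user_id"],
    a value the client chooses, so the authenticated session identity is never
    consulted and any logged-in user can cancel any other user's bid."""
    bid = store[body["bid_id"]]
    if bid.owner_id != body["user_id"]:
        raise Forbidden("not your bid")
    bid.status = "cancelled"
    return bid


def cancel_bid_fixed(store: dict, session_user_id: int, body: dict) -> Bid:
    """Fix: the subject of the check is the server-side session identity; the
    body only names the object. Missing and foreign bids get the same response
    so the endpoint does not reveal which bid_ids exist."""
    bid = store.get(body.get("bid_id"))
    if bid is None or bid.owner_id != session_user_id:
        raise Forbidden("bid not found")
    bid.status = "cancelled"
    return bid


def outcome(handler, store: dict, session_user_id: int, body: dict) -> str:
    """Run a handler and report 'cancelled' or 'forbidden'."""
    try:
        return handler(store, session_user_id, body).status
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    # Session belongs to user 2; the body claims user 1 is acting on bid 101.
    forged = {"bid_id": 101, "user_id": 1}
    print("vulnerable:", outcome(cancel_bid_vulnerable, make_store(), 2, forged))  # cancelled
    print("fixed:     ", outcome(cancel_bid_fixed, make_store(), 2, forged))       # forbidden
```

For detection, the fixed handler's `Forbidden` path is the place to emit an audit event (session user, requested bid_id), since a burst of denials from one session across many bid ids is the signature of this class being probed.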
Affected products
Meon · Bidding Solutions