CVE-2018-25129

HIGH

SOCA Access Control System 180612 - Info Disclosure

Title source: llm

Description

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and PINs through unprotected endpoints such as Get_Permissions_From_DB.php and Ac10_ReadSortCard.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/46832

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/46832
Various Sources product
http://www.socatech.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5517.php

Scores

CVSS v3 7.5
EPSS 0.0007
EPSS Percentile 21.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (3)
SOCA Technology Co., Ltd/SOCA Access Control System 141007
SOCA Technology Co., Ltd/SOCA Access Control System 170000
SOCA Technology Co., Ltd/SOCA Access Control System 180612
Published Dec 24, 2025
Tracked Since Feb 18, 2026