CVE-2024-25169

CRITICAL

Mezzanine 6.0.0 - Improper Access Control in Admin Panel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25169. PoCs published by shenhav12.

AI-analyzed exploit summary The repository contains only a README.md file describing an access control bypass vulnerability in Mezzanine CMS v6.0.0 (CVE-2024-25169) but lacks any actual exploit code or proof-of-concept details.

Description

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.

Exploits (1)

nomisec STUB

by shenhav12 · poc

https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0

View Code ZIP pw:eip

The repository contains only a README.md file describing an access control bypass vulnerability in Mezzanine CMS v6.0.0 (CVE-2024-25169) but lacks any actual exploit code or proof-of-concept details.

Classification

Stub 90%

Attack Type

Auth Bypass

Complexity

Theoretical

Reliability

Theoretical

Target: Mezzanine CMS v6.0.0

No auth needed

Prerequisites: Access to the admin panel endpoint

MITRE ATT&CK

T1562.001 - Disable or Modify Tools

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory

https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0

Exploit

https://ibb.co/JKh4hmD

Exploit

https://ibb.co/Pt9qd8t

Exploit

https://ibb.co/hLLPTVp

Exploit

https://ibb.co/rfrKj3r

Scores

CVSS v3 9.8

EPSS 0.0105

EPSS Percentile 78.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

jupo/mezzanine 6.0.0

pypi/Mezzanine 0PyPI

Published Feb 28, 2024

Tracked Since Feb 18, 2026