CVE-2025-25968

MEDIUM

DDSN Interactive cm3 Acora CMS 10.1.1 - Improper Access Control via File Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25968. PoCs published by padayali-JD.

AI-analyzed exploit summary: The repository describes an improper access control vulnerability in DDSN Interactive cm3 Acora CMS v10.1.1, allowing editor-privileged users to access sensitive files like cm3.xml via force browsing, leading to potential privilege escalation.

Description

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Exploits (1)

nomisec WRITEUP
by padayali-JD · poc
https://github.com/padayali-JD/CVE-2025-25968


Classification: Writeup (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: DDSN Interactive cm3 Acora CMS v10.1.1
Auth required: yes
Prerequisites: Editor-level access to the CMS
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
Product: http://ddsn.com

Scores

CVSS v3: 6.0
EPSS: 0.0093
EPSS Percentile: 56.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-284
Status: published
Products (1): ddsn/cm3_acora_content_management_system 10.1.1
Published: Feb 20, 2025
Tracked Since: Feb 18, 2026