CVE-2025-29556

HIGH

ExaGrid EX10 <7.0.1.P08 - Privilege Escalation

Title source: llm

Description

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.

Exploits (1)

nomisec WORKING POC
by 0xsu3ks · poc
https://github.com/0xsu3ks/CVE-2025-29556

References (2)

Scores

CVSS v3 7.3
EPSS 0.0009
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Published Jul 31, 2025
Tracked Since Feb 18, 2026