CVE-2025-43947

HIGH

Codemers Klims < 1.6_dev - Improper Access Control

Title source: rule

Description

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc.

References (2)

Core 2

Core References

Product

https://de.linkedin.com/company/codemers

Exploit, Third Party Advisory

https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43947

View Exploit ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 54.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

codemers/klims < 1.6_dev

Published Apr 22, 2025

Tracked Since Feb 18, 2026