CVE-2025-47226

MEDIUM

Grokability Snipe-IT <8.1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-47226. PoCs published by Sn1p3r-H4ck3r, koyomihack00.

AI-analyzed exploit summary: This is a detailed writeup describing an Insecure Direct Object Reference (IDOR) vulnerability in Snipe-IT <= 8.0.4, allowing authenticated users to access asset assignment data of other departments by manipulating the `location_id` parameter.

Description

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

Exploits (2)

exploitdb WRITEUP
by Sn1p3r-H4ck3r · text · webapps · php
https://www.exploit-db.com/exploits/52282

This is a detailed writeup describing an Insecure Direct Object Reference (IDOR) vulnerability in Snipe-IT <= 8.0.4, allowing authenticated users to access asset assignment data of other departments by manipulating the `location_id` parameter.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Snipe-IT <= 8.0.4
Auth required
Prerequisites: Authenticated access to the application · Knowledge of valid location IDs
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by koyomihack00 · poc
https://github.com/koyomihack00/CVE-2025-47226

This repository provides a detailed technical analysis of CVE-2025-47226, an IDOR vulnerability in Snipe-IT <= v8.0.4. It includes root cause analysis, patch references, and step-by-step reproduction steps.

Classification: Writeup 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Snipe-IT <= v8.0.4
Auth required
Prerequisites: Valid login credentials for a low-privileged user · Access to the `/locations/{id}/printassigned` endpoint
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 5.0
EPSS: 0.0028
EPSS Percentile: 51.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-639, CWE-425
Status: published
Products (2)
snipe/snipe-it 0 - 8.1.0 (Packagist)
snipeitapp/snipe-it < 8.1.0
Published: May 02, 2025
Tracked Since: Feb 18, 2026