CVE-2025-11853

Summary

A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
SismicsTeedy1.0affected
SismicsTeedy1.1affected
SismicsTeedy1.2affected
SismicsTeedy1.3affected
SismicsTeedy1.4affected
SismicsTeedy1.5affected
SismicsTeedy1.6affected
SismicsTeedy1.7affected
SismicsTeedy1.8affected
SismicsTeedy1.9affected
SismicsTeedy1.10affected
SismicsTeedy1.11affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References