CVE-2025-14088

Summary

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Affected Software

VendorProductVersion RangeStatus
ketrJEPaaS7.2.0affected
ketrJEPaaS7.2.1affected
ketrJEPaaS7.2.2affected
ketrJEPaaS7.2.3affected
ketrJEPaaS7.2.4affected
ketrJEPaaS7.2.5affected
ketrJEPaaS7.2.6affected
ketrJEPaaS7.2.7affected
ketrJEPaaS7.2.8affected

Weaknesses

  • CWE-285: Improper Authorization
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References