CVE-2025-15244
6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PHPEMS | 11.0 | affected |
Weaknesses
- CWE-362: Race Condition
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.338634
- https://vuldb.com/?ctiid.338634
- https://vuldb.com/?submit.725727
- https://byebydoggy.github.io/post/2025/1229-phpems-points-race-condition-poc/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.