CVE-2025-8025

Summary

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Dinosoft ERP: from < 3.0.1 through 11022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Dinosoft Business SolutionsDinosoft ERP< 3.0.1 <= 11022026affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function
  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References