Description

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., [email protected]), an attacker can assume the session and gain full access to the target user's data and privileges. Also, if the email parameter is left blank, the application defaults to the first user in the list, who is typically the application administrator, resulting in an immediate Privilege Escalation to the highest level.

INFO

Published Date :

2025-11-25T00:00:00.000Z

Last Modified :

2025-11-26T14:33:07.025Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64062 vulnerability.

Vendors Products
Primakon
  • Pi Portal
  • Project Contract Management
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64062.

URL Resource
https://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64062.md cve-icon cve-icon
https://www.primakon.com/rjesenja/primakon-pcm/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact