Description

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate data outside their assigned scope, including: Unauthorized Account modification, modifying/deleting arbitrary user accounts and changing passwords by sending a direct request to the user management API endpoint; Confidential Data Access, accessing and downloading sensitive organizational documents via a direct request to the document retrieval API; Privilege escalation, This vulnerability can lead to complete compromise of data integrity and confidentiality, and Privilege Escalation by manipulating core system functions.

INFO

Published Date :

2025-11-25T00:00:00.000Z

Last Modified :

2025-11-26T16:50:38.299Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64063 vulnerability.

Vendors Products
Primakon
  • Pi Portal
  • Project Contract Management
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64063.

URL Resource
https://github.com/n3k7ar91/Vulnerabilites/blob/main/Primakon/CVE-2025-64063.md cve-icon cve-icon
https://www.primakon.com/rjesenja/primakon-pcm/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact