User Role Misconfiguration in Black Duck SCA by Synopsys
CVE-2025-0504
What is CVE-2025-0504?
The vulnerability arises from a misconfiguration of user role permissions in Black Duck SCA, affecting versions prior to 2025.10.0. The Project Manager role, by design, possesses Global User Read access, which inadvertently allows users holding that role to reach critical functionality reserved for Project Administrators. This does not provide full system control, but it potentially enables unauthorized modification of project settings and access to sensitive project information, which could compromise the security and integrity of the system.

Affected Version(s)
Black Duck SCA 0 < 2025.10.0
