User Role Misconfiguration in Black Duck SCA by Synopsys
CVE-2025-0504

5.3 MEDIUM

Key Information:

Vendor: Black Duck
CVE Published: 21 November 2025

What is CVE-2025-0504?

The vulnerability arises from the misconfiguration of user role permissions in Black Duck SCA, particularly affecting versions prior to 2025.10.0. The Project Manager role, by design, possesses Global User Read access, inadvertently allowing users to access critical functionalities reserved for Project Administrators. While this does not provide full system control, it potentially enables unauthorized modifications to project settings and the possibility of accessing sensitive project information, which could compromise the security and integrity of the system.

Affected Version(s)

Black Duck SCA, versions before 2025.10.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
