Missing Authentication Flaw in haxxorsid Stock-Management-System
CVE-2025-14567

6.9MEDIUM

Key Information:

Vendor: Haxxorsid
Status: Stock-management-system
Vendor: CVE Published:; 12 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-14567?

A critical flaw exists in the haxxorsid Stock-Management-System, specifically within an unknown function in the /api/employees file that leads to missing authentication checks. This weakness allows for potential remote exploitation, posing a significant security risk for environments using the affected product version up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. The vendor has not responded to early disclosures, and the exploit is publicly available, making it a pressing concern for users of unsupported versions.

Affected Version(s)

Stock-Management-System fbbbf213e9c93b87183a3891f77e3cc7095f22b0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14567 - Proof of Concept

References

https://vuldb.com/?id.336191

vdb-entry

https://vuldb.com/?ctiid.336191

signaturepermissions-required

https://vuldb.com/?submit.703879

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 12, 2025
👾
Exploit known to exist
Dec 12, 2025
Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Dec 12, 2025

Credit

ixpqxi (VulDB User)

JSON

Haxxorsid

Badges

What is CVE-2025-14567?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit