Missing Authorization Vulnerability in Ability, Inc Accessibility Suite by Online ADA
CVE-2025-22698
6.3MEDIUM
Key Information:
- Vendor
- Ability, Inc
- Status
- Accessibility Suite By Online Ada
- Vendor
- CVE Published:
- 14 February 2025
Summary
A missing authorization vulnerability has been identified in the Accessibility Suite by Online ADA developed by Ability, Inc. This flaw allows attackers to exploit improperly configured access control security levels, potentially granting unauthorized access to sensitive areas and functionalities of the application. The vulnerability is present in versions from n/a through 4.16, emphasizing the importance of implementing robust access control measures to safeguard against possible exploitation. Users should promptly assess their configurations to mitigate risks associated with this issue.
Affected Version(s)
Accessibility Suite by Online ADA <= 4.16
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)