Missing Authorization Flaw in Sprout Invoices by Sprout Invoices
CVE-2025-24606
6.4MEDIUM
Key Information:
- Vendor
- Sprout Invoices
- Status
- Client Invoicing By Sprout Invoices
- Vendor
- CVE Published:
- 27 January 2025
Summary
The Sprout Invoices Client Invoicing software contains a missing authorization vulnerability that arises from incorrectly configured access control security levels. This flaw could allow unauthorized users to exploit the system's functionality, compromising sensitive invoicing data. Users of the affected versions, including from n/a up to 20.8.1, are urged to assess their security settings to mitigate the risks associated with this vulnerability.
Affected Version(s)
Client Invoicing by Sprout Invoices <= 20.8.1
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)