Authorization Flaw in Grokability Snipe-IT Affects Asset Information Access
CVE-2025-47226

3.3LOW

Key Information:

Vendor: Snipeitapp
Status: Snipe-it
Vendor: CVE Published:; 2 May 2025

What is CVE-2025-47226?

The Grokability Snipe-IT system prior to version 8.1.0 is susceptible to an authorization issue that permits unauthorized access to sensitive asset information. This flaw can potentially allow malicious actors to exploit access controls, thereby gaining unauthorized insights into asset management functions. Users are advised to upgrade to version 8.1.0 or later to mitigate these vulnerabilities and enhance their security posture.

Affected Version(s)

Snipe-IT 0 < 8.1.0

References

https://github.com/grokability/snipe-it/pull/16672

https://github.com/grokability/snipe-it/compare/v8.0.4......

https://github.com/grokability/snipe-it/releases/tag/v8.1.0

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2025
Vulnerability Reserved
May 2, 2025

JSON

Snipeitapp

What is CVE-2025-47226?

Affected Version(s)

References

CVSS V3.1

Timeline