Access Control Flaw in Team Showcase by cmoreira
CVE-2025-49248
4.3MEDIUM
What is CVE-2025-49248?
A missing authorization vulnerability in the Team Showcase plugin by cmoreira exposes users to improperly configured access control security levels. This flaw allows unauthorized access to sensitive functionality, potentially compromising user data and application integrity. The vulnerability requires immediate attention to mitigate risks associated with access control misconfigurations.
Affected Version(s)
Team Showcase < 25.05.13
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)