Authorization Bypass Vulnerability in Profession Fit by Henkel CyberVM
CVE-2025-59797

5.8 MEDIUM

Key Information:

Vendor
CVE Published: 22 September 2025

What is CVE-2025-59797?

The authorization bypass flaw in affected versions of Profession Fit allows an attacker to circumvent normal authentication mechanisms by directly requesting certain API endpoints, including '/api/challenges/{id}' and other sensitive URLs. This vulnerability could lead to unauthorized access to user management functions and other critical features, posing a significant risk to the security and integrity of user data.

Affected Version(s)

Profession Fit 5.0.99 Build 44910

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
