The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2026-01-22 22:16
Updated : 2026-01-26 15:04
NVD link : CVE-2025-14750
Mitre link : CVE-2025-14750
CVE.ORG link : CVE-2025-14750
JSON object : View
Products Affected
No product.
CWE
CWE-472
External Control of Assumed-Immutable Web Parameter