CVE-2025-26853
EUVD-2025-714920.03.2025, 20:15
DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| descor | infocad | 𝑥 < 3.5.2.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| descor | infocad_fm | 𝑥 < 3.5.2.0 | CNA |
Common Weakness Enumeration
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
- CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.