CVE-2025-52670
20.11.2025, 20:16
A missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows users on the system to delete banners owned by other accounts.
| Vendor | Product | Version |
|---|---|---|
| revive-adserver | revive_adserver | 𝑥 ≤ 5.5.2 |
| revive-adserver | revive_adserver | 6.0.0 ≤ 𝑥 ≤ 6.0.1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-639 - Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
- CWE-862 - Missing Authorization: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.