CVE-2025-22592

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 862

Summary

CVE-2025-22592 is a critical vulnerability affecting the Lenderd 1003 Mortgage Application. The issue involves missing authorization checks, enabling unauthorized access to functionality that is not properly constrained by Access Control Lists (ACLs). This flaw allows unauthorized users to gain excessive privileges, potentially leading to sensitive data exposure or system manipulation. The vulnerability affects all versions of the 1003 Mortgage Application from n/a through 1.87. Organizations using this application should apply the available patch as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share