CVE-2025-27581
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Apr 24, 2025
Updated: Apr 29, 2025
CWE ID 425
Summary
CVE-2025-27581 is a vulnerability affecting the NIH BRICS (Biomedical Research Informatics Computing System) prior to version 14.0.0-67. This issue allows users without the InET role to gain unauthorized access to the InET module by making direct requests to known endpoints. This can potentially lead to unintended system interactions and data exposure, posing a significant risk to the confidentiality and integrity of the affected system. It's crucial for users to upgrade to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Defense Advanced Research Projects Agency (DARPA)