CVE-2021-25991

high

Description

Ifme versions v5.0.0 to v7.32 are vulnerable to improper access control: an admin can ban their own account, which deactivates it and results in complete loss of admin access to Ifme.

References

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991

https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923

Details

Source: Mitre, NVD

Published: 2021-12-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00182