HIGH Severity
CVE-2025-47817
BlueWave Checkmate versions prior to 2.0.2 allow a profile edit request to include a role parameter.
Overview
BlueWave Checkmate prior to version 2.0.2 has a vulnerability in which a user's profile edit request can include a role parameter. This flaw can potentially lead to unauthorized access and modifications.
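The class of flaw described above, a profile update that accepts a role field from the request body, is shown here beside an allow-list fix. This is an added example, not Checkmate's own code; the field names, function names and sample data are assumptions made for illustration.

```javascript
// Added illustration. Field names (firstName, lastName, avatar, role) and all
// function names are hypothetical, not taken from the Checkmate code base.
const EDITABLE_PROFILE_FIELDS = new Set(["firstName", "lastName", "avatar"]);

// Vulnerable pattern: every key in the request body is copied onto the user
// record, so a body that contains "role" overwrites the caller's own role.
function applyProfileEditUnsafe(user, body) {
  return { ...user, ...body };
}

// Hardened pattern: copy only allow-listed string fields and report everything
// else, so the handler can reject the request and log the attempt.
function applyProfileEdit(user, body) {
  const updated = { ...user };
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (EDITABLE_PROFILE_FIELDS.has(key) && typeof value === "string") {
      updated[key] = value;
    } else {
      rejected.push(key);
    }
  }
  return { updated, rejected };
}

// Constructed sample data: a low-privileged user and a profile edit body
// that carries an extra "role" key.
const sampleUser = { id: "u1", firstName: "Ana", lastName: "Diaz", role: ["user"] };
const sampleBody = { firstName: "Anna", role: ["admin"] };

function demo() {
  const unsafe = applyProfileEditUnsafe(sampleUser, sampleBody);
  const safe = applyProfileEdit(sampleUser, sampleBody);
  return {
    unsafeRole: unsafe.role,            // role taken from the request body
    safeRole: safe.updated.role,        // role left as stored
    safeFirstName: safe.updated.firstName,
    rejected: safe.rejected,            // keys to log and refuse
  };
}

console.log(demo());
```

Role changes belong in a separate, admin-authorized operation; a non-empty `rejected` list on a profile edit is worth logging as a detection signal.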
Technical Details
The attack can be carried out over a network with low complexity and without user interaction. The attacker needs only low privileges, and a successful attack could have a high impact on the confidentiality, integrity and availability of the system.
CVSS Metrics
- CVSS Score: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Impact
If exploited, this vulnerability could lead to unauthorized access, data leakage, and potential full control of the victim's account.
Recommendations
- Update BlueWave Checkmate to the latest version.
- Regularly patch and update your software.
Threat Metrics
- cvss_score: 8.8
- severity: "HIGH"
- attack_vector: "NETWORK"
- attack_complexity: "LOW"