Overview
CVE-2025-64061 details a significant vulnerability in Primakon Pi Portal version 1.0.18. This flaw exposes sensitive user data, including password hashes, to unauthorized access. The issue stems from deficient access control mechanisms within the /api/v2/users endpoint. Any authenticated user, regardless of their privilege level, can retrieve a complete list of all registered application users and their associated data, posing a serious security risk.
Technical Details
The vulnerability lies in the lack of proper access control checks on the /api/v2/users API endpoint. An authenticated user can send a simple GET request to this endpoint and receive a JSON response containing a list of all users. Critically, this response includes password hashes, allowing a malicious actor to potentially crack these hashes and gain unauthorized access to user accounts. There are no permission restrictions in place; even a low-privileged user can obtain this sensitive data.
Example request:
GET /api/v2/users HTTP/1.1
Host: example.com
Authorization: Bearer [Your Authentication Token]
The response will contain user data including password hashes, opening possibilities for brute-force password cracking attacks.
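To make the access-control gap concrete from the defender's side, here is an added illustration (not Primakon's code; the user store, field names, roles and the request shape are all constructed for this example). It models the /api/v2/users handler first as the advisory describes it, where authentication alone is enough to receive every raw user record, and then hardened with an explicit role check plus a serializer that never emits hash fields, so that a future missing check cannot leak credentials either.

```python
"""
Added illustration (not the vendor's code): a minimal model of the
/api/v2/users handler as described in the advisory, beside a hardened
version. All users, roles, field names and the Request type are
constructed assumptions for this example.
"""
from dataclasses import dataclass

# Constructed sample user store; "password_hash" values are placeholders,
# not real hashes.
USERS = [
    {"id": 1, "username": "alice", "email": "alice@example.com",
     "role": "admin", "password_hash": "$argon2id$PLACEHOLDER_A"},
    {"id": 2, "username": "bob", "email": "bob@example.com",
     "role": "user", "password_hash": "$argon2id$PLACEHOLDER_B"},
]

# Fields that must never leave the server in any API response.
SECRET_FIELDS = {"password_hash"}


@dataclass
class Request:
    """Assumed shape: the caller is already authenticated; 'user' is its record."""
    user: dict


class Forbidden(Exception):
    pass


def list_users_vulnerable(req: Request) -> list[dict]:
    """Behaviour the advisory describes: authentication only, no
    authorization step, raw records returned with hashes included."""
    return USERS


def public_view(user: dict) -> dict:
    """Serializer that drops secret fields, so a bug elsewhere cannot leak them."""
    return {k: v for k, v in user.items() if k not in SECRET_FIELDS}


def list_users_hardened(req: Request) -> list[dict]:
    """Hardened handler: explicit role check AND hash-free serialization.
    Either control alone is weaker; together, a missing check would leak
    only non-secret fields, and a correct check blocks the listing entirely
    for low-privileged callers."""
    if req.user.get("role") != "admin":
        raise Forbidden("listing users requires the admin role")
    return [public_view(u) for u in USERS]


def leaks_hashes(response: list[dict]) -> bool:
    """Regression-test helper: does any returned record carry a secret field?"""
    return any(SECRET_FIELDS & rec.keys() for rec in response)


if __name__ == "__main__":
    low_priv = Request(user=USERS[1])
    print("vulnerable handler leaks hashes:", leaks_hashes(list_users_vulnerable(low_priv)))
    try:
        list_users_hardened(low_priv)
    except Forbidden as exc:
        print("hardened handler:", exc)
    print("admin listing:", list_users_hardened(Request(user=USERS[0])))
```

The `leaks_hashes` helper is the kind of assertion worth keeping in a test suite: it fails loudly if any endpoint ever serializes a raw user record again, independently of whether the role check is present.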
CVSS Analysis
Currently, a CVSS score for CVE-2025-64061 is not available (N/A). However, given the nature of the vulnerability and the potential for widespread user data compromise, it’s likely to be classified as High or Critical severity once assessed. The ability for any authenticated user to retrieve password hashes greatly increases the risk to the system.
Possible Impact
The potential impact of this vulnerability is substantial:
- Account Takeover: Compromised password hashes can be cracked, leading to unauthorized access to user accounts.
- Data Breach: Exposure of user data, including personally identifiable information (PII), can lead to data breaches and compliance violations.
- Lateral Movement: Compromised accounts can be used to gain access to other systems and resources within the organization.
- Reputational Damage: A successful exploitation can severely damage the reputation of Primakon and its customers.
Mitigation and Patch Steps
To mitigate the risks associated with CVE-2025-64061, the following steps are recommended:
- Apply the Patch: Upgrade Primakon Pi Portal to a version that addresses this vulnerability. Contact Primakon support for the latest patched version.
- Implement Access Controls: Implement robust access control mechanisms on the /api/v2/users endpoint to restrict access to authorized users only (e.g., administrators).
- Password Reset: Consider forcing a password reset for all users to mitigate the risk of already compromised password hashes.
- Web Application Firewall (WAF): Deploy a WAF to filter malicious requests and prevent unauthorized access to the vulnerable endpoint.
- Monitor Logs: Monitor application logs for suspicious activity, such as unauthorized access attempts to the /api/v2/users endpoint.
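As a worked example of the log-monitoring step, the following added script (not Primakon's code or log format; the line layout, field names, role values and every sample line are constructed here) scans application access logs for two signals: successful requests to /api/v2/users by a non-administrative account, which on an unpatched instance is exactly the scenario in this advisory, and denied (403) attempts, which after patching show the new control being probed. It also flags any single account making repeated requests to the endpoint.

```python
"""
Added detection illustration (not the vendor's code or log format): find
requests to /api/v2/users that should not succeed for the caller's role,
denied attempts, and bursts from one account. The log format, field names
and sample lines are constructed assumptions for this example.
"""
import re
from collections import Counter

# Assumed log line layout, one request per line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) '
    r'method=(?P<method>[A-Z]+) path=(?P<path>\S+) status=(?P<status>\d{3})$'
)

SENSITIVE_PATH = "/api/v2/users"
ALLOWED_ROLES = {"admin"}
BURST_THRESHOLD = 3  # hits by one account in the scanned window worth a look

# Constructed sample log lines.
SAMPLE_LOG = """\
2025-11-01T10:00:01Z user=alice role=admin method=GET path=/api/v2/users status=200
2025-11-01T10:00:05Z user=bob role=user method=GET path=/api/v2/projects status=200
2025-11-01T10:00:09Z user=bob role=user method=GET path=/api/v2/users status=200
2025-11-01T10:00:10Z user=bob role=user method=GET path=/api/v2/users?page=2 status=200
2025-11-01T10:00:11Z user=bob role=user method=GET path=/api/v2/users?page=3 status=200
2025-11-01T10:01:00Z user=carol role=user method=GET path=/api/v2/users status=403
"""


def parse_line(line: str):
    """Return the parsed fields as a dict, or None for lines in another format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_sensitive(path: str) -> bool:
    # Drop the query string so /api/v2/users?page=2 is still recognised.
    return path.split("?", 1)[0] == SENSITIVE_PATH


def analyze(log_text: str) -> list:
    """Return a list of (kind, user, detail) findings for the given log text."""
    findings = []
    hits = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not is_sensitive(rec["path"]):
            continue
        hits[rec["user"]] += 1
        if rec["status"] == "200" and rec["role"] not in ALLOWED_ROLES:
            # Unpatched-instance signal: a low-privileged caller received
            # the full user listing described in the advisory.
            findings.append(("non_admin_user_listing", rec["user"], rec["ts"]))
        elif rec["status"] == "403":
            # Post-patch signal: the control refused a listing attempt.
            findings.append(("denied_user_listing", rec["user"], rec["ts"]))
    for user, n in hits.items():
        if n >= BURST_THRESHOLD:
            findings.append(("burst", user, f"{n} requests to {SENSITIVE_PATH}"))
    return findings


if __name__ == "__main__":
    for kind, user, detail in analyze(SAMPLE_LOG):
        print(f"{kind:24} {user:8} {detail}")
```

Run against the constructed sample, this reports bob three times for successful non-admin listings plus a burst entry, and carol once for a denied attempt; alice's admin request is not flagged. In practice the role would usually come from a directory lookup rather than the log line itself, and the burst window would be time-bounded rather than the whole file.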
