{"id":67179,"date":"2025-07-31T21:32:00","date_gmt":"2025-07-31T18:02:00","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-29556-exagrid-ex10-incorrect-access-control-bypass\/"},"modified":"2025-07-31T21:32:00","modified_gmt":"2025-07-31T18:02:00","slug":"cve-2025-29556-exagrid-ex10-incorrect-access-control-bypass","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-29556-exagrid-ex10-incorrect-access-control-bypass\/","title":{"rendered":"CVE-2025-29556 &#8211; ExaGrid EX10 Incorrect Access Control Bypass"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-29556<br \/>\n<br \/>\n<strong>Published : <\/strong> July 31, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>ExaGrid EX10 6.3 &#8211; 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-29556 Published : July 31, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago Description : ExaGrid EX10 6.3 &#8211; 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-67179","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/67179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=67179"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/67179\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=67179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=67179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=67179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}