Vulnerability Details CVE-2025-64061
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-64061
-
cpe:2.3:a:primakon:project_contract_management:1.0.18