CVE-2025-51682
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
The vulnerability in mJobtime 15.7.2 handles authorization on the client side, allowing an attacker to modify client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Risk Assessment
The risk for the organization includes unauthorized access to the administrative panel, which can lead to privilege escalation, data theft, or full compromise of the mJobtime system.
Recommendation
Immediately update mJobtime to a version where authorization is handled server-side, and implement server-side request validation mechanisms.
Original NVD description (English source)
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.

