CVE Catalog

CVE-2025-51682

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

The vulnerability in mJobtime 15.7.2 handles authorization on the client side, allowing an attacker to modify client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.

Risk Assessment

The risk for the organization includes unauthorized access to the administrative panel, which can lead to privilege escalation, data theft, or full compromise of the mJobtime system.

Recommendation

Immediately update mJobtime to a version where authorization is handled server-side, and implement server-side request validation mechanisms.

Original NVD description (English source)

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS