{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T07:20:45.317","vulnerabilities":[{"cve":{"id":"CVE-2025-0637","sourceIdentifier":"cve-coordination@incibe.es","published":"2025-01-23T16:15:36.617","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’."},{"lang":"es","value":"Se ha detectado que el software Beta10 no contempla un control adecuado de las autorizaciones en múltiples áreas de la aplicación. Esta deficiencia podría permitir a un actor malintencionado acceder, sin autenticación, a áreas privadas y/o destinadas a otros roles. La vulnerabilidad ha sido identificada al menos en el archivo o ruta ‘/app/tools.html’."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-beta10","source":"cve-coordination@incibe.es"}]}}]}