This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: CVE-2025-26853 is a critical security flaw in DESCOR INFOCAD. It stems from a broken **Authorization Mechanism**. π **Consequences**: The system fails to verify user permissions correctly.β¦
π‘οΈ **Root Cause**: The core issue is **CWE-863: Incorrect Authorization**. The software does not properly enforce access controls. Users can access resources they are not entitled to.β¦
π’ **Affected Entities**: The vulnerability impacts **DESCOR INFOCAD FM**. Specifically, versions **3.5.1 and earlier** are at risk. Any organization using these older versions for BIM or facility management is exposed.β¦
π **Attacker Capabilities**: Hackers can achieve **Full System Compromise**. With a CVSS score indicating High impact on C/I/A, they can: π Read sensitive BIM data. βοΈ Modify critical facility records.β¦
β‘ **Exploitation Threshold**: The bar is **Extremely Low**. The CVSS vector shows: π Network Accessible (AV:N). π No Privileges Required (PR:N). π« No User Interaction Needed (UI:N). π Low Complexity (AC:L).β¦
π **Public Exploit Status**: Currently, **No Public PoC/Exploit** is listed in the data. However, the low complexity and lack of auth requirements make it highly attractive.β¦
π **Self-Check Method**: Scan your infrastructure for **DESCOR INFOCAD FM** instances. Check the version number against **3.5.1**. If you are running v3.5.1 or older, you are vulnerable.β¦
π§ **No Patch Workaround**: If you cannot patch immediately: π« Restrict network access to the INFOCAD server. Use a **Firewall** to block external traffic. Implement strict **Network Segmentation**.β¦
π₯ **Urgency Level**: **CRITICAL / IMMEDIATE ACTION REQUIRED**. The CVSS score is effectively 10.0 (High C/I/A, Low AC, No Auth). This is a remote code execution-level risk for data integrity. Do not delay.β¦