CVE-2025-64065

EPSS 0.06% · P17 Updated Nov 26, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-64065

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH request, enabling them to impersonate any other arbitrary user, including application Administrators. This is due to a Broken Function Level Authorization failure (the function doesn't check the caller's privilege) compounded by an Insecure Design that permits a session switch without requiring the target user's password or an administrative token and only needs email of user.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Primakon Pi Portal 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Primakon Pi Portal是克罗地亚Primakon公司的一个项目、合同管理平台。 Primakon Pi Portal 1.0.18版本存在安全漏洞，该漏洞源于/api/V2/pp_udfv_admin端点验证不足，可能导致用户冒充。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-64065

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-64065

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-64065

Same Patch Batch · n/a · 2025-11-25 · 21 CVEs total

CVE-2025-61167		SIGB PMB 安全漏洞
CVE-2025-63735		CommScope Ruckus Unleashed 安全漏洞
CVE-2025-51741		Echo 安全漏洞
CVE-2025-51746		jshERP 安全漏洞
CVE-2025-51743		jshERP 安全漏洞
CVE-2025-51744		jshERP 安全漏洞
CVE-2025-51745		jshERP 安全漏洞
CVE-2025-51742		jshERP 安全漏洞
CVE-2025-65647		PHPGurukul Online Shopping Portal 安全漏洞
CVE-2025-64067		Primakon Pi Portal 安全漏洞
CVE-2025-64049		REDAXO 安全漏洞
CVE-2025-61168		SIGB PMB 安全漏洞
CVE-2025-64064		Primakon Pi Portal 安全漏洞
CVE-2025-64063		Primakon Pi Portal 安全漏洞
CVE-2025-64062		Primakon Pi Portal 安全漏洞
CVE-2025-64066		Primakon Pi Portal 安全漏洞
CVE-2025-64061		Primakon Pi Portal 安全漏洞
CVE-2025-63729		Syrotech SY-GPON-1110-WDONT 安全漏洞
CVE-2025-60739		Ilevia EVE X1 Server 安全漏洞
CVE-2025-64050		REDAXO 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-64065

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-64065

I. Basic Information for CVE-2025-64065

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-64065

III. Intelligence Information for CVE-2025-64065

Same Patch Batch · n/a · 2025-11-25 · 21 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-64065

Leave a comment