
CVE-2025-27893 PoC — Archer Platform Security Vulnerability

Associated Vulnerability
Title: Archer Platform Security Vulnerability (CVE-2025-27893)
Description: In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NOTE: the Supplier analyzed the reported exploitation steps and found that, although the user can modify the immutable field, upon switching to View mode the field is reverted to its original value, without anything being saved to the database (and consequently there is no impact).
Readme
# CVE-2025-27893: Improper Access Control in Archer Platform

## Description
An **Improper Access Control (CWE-284)** vulnerability exists in Archer Platform versions 6 through 6.14.00202.10024. An authenticated user with record creation privileges can manipulate immutable fields, such as the **creation date**, by intercepting and modifying a **Copy** request via a `GenericContent/Record.aspx?id=` URI.

This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.

## Affected Products
- **Vendor**: ArcherIRM
- **Product**: Archer
- **Affected Versions**: 6.14.00202.10024

## Vulnerability Type
- **CWE-284: Improper Access Control**
- **CWE-639: Authorization Bypass Through User-Controlled Key**

## Impact
- **Data Integrity Compromise**: Allows unauthorized users to manipulate system-generated metadata.
- **Audit and Compliance Risk**: Can impact compliance monitoring and record integrity.

## Affected Component
The vulnerability affects the **integrity of records** within the Archer system.

## Attack Vectors
### Prerequisites
- The attacker must have an authenticated user account with **record creation privileges**.
- This is a **standard privilege** in the system.

### Exploitation Steps
1. **Target Selection**: Identify an existing record to manipulate.
2. **Initiate the Copy Function**: The attacker selects the record and clicks the three-dot menu to copy it, generating the following request:
   ```http
   POST /RSAarcher/GenericContent/Record.aspx?id=RECORD_ID&moduleId=NUM&levelSelection=NUM&RecordSet=True&Mode=Edit&pr=VALUE&rr=VALUE
   ```
3. **Intercept and Modify the Request**: Using an interception tool (e.g., Burp Suite), the attacker captures the request and alters immutable fields such as the **creation date**.
4. **Submit the Modified Request**: Instead of proceeding with the copy operation, the attacker **cancels the operation** after submission, effectively bypassing the system's enforcement of immutable fields.

## Discoverer
- **Name**: Hattan Hassan D Althobaiti

## References
- [ArcherIRM Official Website](https://archerirm.com)
- [CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html)
- [CWE-639: Authorization Bypass Through User-Controlled Key](https://cwe.mitre.org/data/definitions/639.html)

## Mitigation
- **Vendor Action**: The vendor should enforce strict **server-side validation** to prevent modification of immutable fields.
- **Security Controls**: Implement **logging and monitoring** to detect unauthorized record modifications.
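As an added illustration of the two mitigation points above (this is not Archer Platform code and not from the discoverer): a hypothetical copy handler that takes system metadata only from the server clock and the authenticated identity, discards any client-supplied value for an immutable field, and writes an audit event whenever such a value is present in the request. The names `RecordStore`, `copy_record`, `parse_form_body` and `IMMUTABLE_FIELDS` are assumptions made for the example, and the request body is constructed. Logging the attempt matters even where, as the vendor noted for this report, the edited value is never persisted: the request still shows a user probing server-managed fields.

```python
"""Server-side enforcement of immutable record fields, with audit logging.

Hypothetical illustration (not Archer Platform code): a copy handler that
discards any client-supplied value for a server-managed field and records an
audit event whenever a request tries to set one.
"""
from __future__ import annotations

import logging
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional
from urllib.parse import parse_qs

log = logging.getLogger("record_audit")

# Fields only the server may set. They are enforced here, on the server, so it
# does not matter whether the form was edited in the browser or the request was
# rewritten in a proxy: the client's value is never used.
IMMUTABLE_FIELDS = frozenset({"id", "created_at", "created_by"})


@dataclass
class Record:
    id: int
    created_at: str          # ISO-8601 timestamp taken from the server clock
    created_by: str          # authenticated user, never the request body
    fields: dict = field(default_factory=dict)  # user-editable content fields


def parse_form_body(raw: str) -> dict:
    """Parse a URL-encoded POST body into a flat dict (last value wins)."""
    return {k: v[-1] for k, v in parse_qs(raw, keep_blank_values=True).items()}


class RecordStore:
    """In-memory stand-in for the record database (assumption for the example)."""

    def __init__(self, clock: Optional[Callable[[], str]] = None):
        self._records: dict[int, Record] = {}
        self._next_id = 1
        self.audit_events: list[dict] = []  # constructed audit trail
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    def create(self, user: str, fields: dict) -> Record:
        rec = Record(id=self._next_id, created_at=self._clock(),
                     created_by=user, fields=dict(fields))
        self._records[rec.id] = rec
        self._next_id += 1
        return rec

    def get(self, record_id: int) -> Record:
        return self._records[record_id]

    def copy_record(self, user: str, source_id: int, submitted: dict) -> Record:
        """Handle a Copy request: only content fields are taken from the client."""
        source = self.get(source_id)

        # Split the request into fields the client may set and fields it may not.
        tampered = sorted(k for k in submitted if k in IMMUTABLE_FIELDS)
        content = {k: v for k, v in submitted.items() if k not in IMMUTABLE_FIELDS}

        if tampered:
            # Detection: record the override attempt even though it has no effect,
            # so that a user probing immutable fields shows up for review.
            event = {
                "action": "copy",
                "user": user,
                "source_id": source_id,
                "tampered_fields": tampered,
                "at": self._clock(),
            }
            self.audit_events.append(event)
            log.warning("immutable field override attempt: %s", event)

        # Mitigation: system metadata always comes from the server, never the request.
        new = Record(id=self._next_id, created_at=self._clock(), created_by=user,
                     fields={**source.fields, **content})
        self._records[new.id] = new
        self._next_id += 1
        return new


if __name__ == "__main__":
    store = RecordStore()
    original = store.create("alice", {"Name": "Original"})
    # Constructed request body: a copy that also tries to set id and created_at.
    body = "Name=Copy+of+Original&created_at=2019-01-01T00%3A00%3A00Z&id=999"
    copied = store.copy_record("bob", original.id, parse_form_body(body))
    print(copied)
    print(store.audit_events)
```

The design point is that the allow-list is applied where the data is persisted, not in the page that renders the form: a field the client is not permitted to set is dropped before the record object is even built, and the attempt is logged with the field names rather than silently ignored.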

---
**Disclaimer**: This disclosure is for informational purposes only. The discoverer and publisher are not responsible for any misuse of the disclosed vulnerability.