CVE Daily

CVE-2025-4129

Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO...

High CVSS 7.5

Overview

Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers.This issue affects PAVO Pay: before 13.05.2025.

CWE: CWE-639 Published: 2025-07-21T14:15:29.397
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags