CVE-2025-47226: Grokability Snipe-IT has incorrect authorization for accessing asset information

May 2, 2025 (updated May 5, 2025)

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

References

github.com/advisories/GHSA-h3vp-qwmx-5j25
github.com/grokability/snipe-it
github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
github.com/grokability/snipe-it/pull/16672
github.com/grokability/snipe-it/releases/tag/v8.1.0
github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
nvd.nist.gov/vuln/detail/CVE-2025-47226

Code Behaviors & Features

Detect and mitigate CVE-2025-47226 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →