Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
Envanty Allows Attackers to Gain Unauthorized Access
CVE-2025-9062
Summary
A security issue in Envanty versions before 1.0.6 allows attackers to bypass security checks and access data they shouldn't have access to. This is a serious concern, as it could lead to sensitive information being exposed or modified. We recommend updating to version 1.0.6 or later to fix this issue.
Original title
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.
NO...
Original description
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
The vulnerability was learned to be remediated through reporter information and testing.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
The vulnerability was learned to be remediated through reporter information and testing.
nvd CVSS3.1
7.3
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 19 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026