
CVE-2025-23971: CWE-862 Missing Authorization in whassan KI Live Video Conferences

Severity: Medium
Tags: Vulnerability, CVE-2025-23971, CWE-862
Published: Fri Jun 06 2025 (06/06/2025, 12:54:40 UTC)
Source: CVE Database V5
Vendor/Project: whassan
Product: KI Live Video Conferences

Description

Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 19:58:35 UTC

Technical Analysis

CVE-2025-23971 is a Missing Authorization vulnerability (CWE-862) in the whassan KI Live Video Conferences product, affecting versions up to and including 5.5.15. CWE-862 describes code that performs a sensitive action without first verifying that the caller is permitted to perform it; here the defect arises from incorrectly configured access control security levels, allowing unauthorized users to perform actions or access resources that should be restricted. The vulnerability requires neither authentication (PR:N) nor user interaction (UI:N), and can be exploited remotely over the network (AV:N) with low attack complexity (AC:L). The impact is limited to integrity (I:L): unauthorized modification of data or conference settings is possible, but confidentiality and availability are not directly affected. The CVSS v3.1 base score is 5.3, categorized as medium severity. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability could allow attackers to interfere with live video conference sessions by altering meeting parameters, injecting unauthorized content, or disrupting the intended flow of communication, which could undermine trust and operational security in sensitive communications.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, especially for entities relying on KI Live Video Conferences for confidential or regulated communications, such as government bodies, financial institutions, healthcare providers, and large enterprises. Unauthorized integrity modifications could lead to misinformation, manipulation of meeting content, or unauthorized changes to participant permissions, which may result in compliance violations under GDPR or sector-specific regulations. Although confidentiality is not directly compromised, the integrity breach could indirectly affect decision-making processes and operational security. The lack of authentication requirement increases the risk of opportunistic attacks from external threat actors. Given the increasing reliance on video conferencing for remote work and cross-border collaboration in Europe, this vulnerability could disrupt business continuity and erode trust in communication platforms if exploited.

Mitigation Recommendations

Organizations using KI Live Video Conferences should immediately review and harden access control configurations to ensure proper authorization checks are enforced for all sensitive actions and resources. Network-level restrictions such as IP whitelisting or VPN access can reduce exposure. Monitoring and logging of conference activities should be enhanced to detect unusual or unauthorized modifications. Until an official patch is released, consider deploying compensating controls such as restricting conference creation and management privileges to trusted administrators only. User training to recognize and report suspicious conference behavior is also recommended. Regularly check for vendor updates or security advisories to apply patches promptly once available. Additionally, consider evaluating alternative video conferencing solutions with stronger security postures if the risk is unacceptable.
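The following is an added example, not code from KI Live Video Conferences or its vendor, that illustrates the CWE-862 pattern described in the Technical Analysis and the two recommendations above (enforce authorization checks on every sensitive action; log activity so unauthorized modifications can be detected). It models a conference-settings handler first without any authorization check and then with a deny-by-default check and an audit trail. All names (conference ids, users, the handler functions) and data are constructed for illustration and are not the product's own API.

```python
"""Added example (not code from KI Live Video Conferences or its vendor):
a minimal conference-settings update handler without an authorization
check (the CWE-862 pattern in the advisory) beside a hardened version
with an explicit check and an audit log. All names and data are
constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample state: two conferences with their owners and settings.
CONFERENCES = {
    "conf-101": {"owner": "alice", "settings": {"locked": False, "mute_on_join": True}},
    "conf-202": {"owner": "bob", "settings": {"locked": True, "mute_on_join": False}},
}
ADMINS = {"carol"}          # hypothetical platform administrators
AUDIT_LOG: list[dict] = []  # what a monitoring pipeline would ingest


@dataclass
class Actor:
    """The caller of the handler; user=None models an unauthenticated request."""
    user: Optional[str]
    source_ip: str = "203.0.113.10"  # RFC 5737 documentation address


def update_settings_unchecked(conference_id: str, changes: dict, actor: Actor) -> dict:
    """Vulnerable pattern (CWE-862): the handler assumes the request is
    authorized and never asks who the actor is or what they may do."""
    conf = CONFERENCES[conference_id]
    conf["settings"].update(changes)
    return dict(conf["settings"])


def is_authorized(conference_id: str, actor: Actor) -> bool:
    """Authorization decision: only an authenticated owner of the conference
    or a platform administrator may change its settings."""
    if actor.user is None:
        return False
    conf = CONFERENCES.get(conference_id)
    if conf is None:
        return False
    return actor.user == conf["owner"] or actor.user in ADMINS


def update_settings(conference_id: str, changes: dict, actor: Actor) -> dict:
    """Hardened handler: deny by default, and record every decision so that
    unauthorized attempts are visible to monitoring."""
    allowed = is_authorized(conference_id, actor)
    AUDIT_LOG.append({
        "action": "update_settings",
        "conference": conference_id,
        "actor": actor.user or "<anonymous>",
        "ip": actor.source_ip,
        "allowed": allowed,
        "changes": sorted(changes),
    })
    if not allowed:
        raise PermissionError(f"{actor.user or 'anonymous'} may not modify {conference_id}")
    conf = CONFERENCES[conference_id]
    conf["settings"].update(changes)
    return dict(conf["settings"])


def denied_attempts() -> list[dict]:
    """Detection helper: the audit entries a monitoring rule would alert on."""
    return [entry for entry in AUDIT_LOG if not entry["allowed"]]


if __name__ == "__main__":
    anonymous = Actor(user=None)
    # The unchecked handler lets an unauthenticated caller lock a conference.
    print("unchecked:", update_settings_unchecked("conf-101", {"locked": True}, anonymous))
    # The hardened handler refuses and leaves a log entry behind.
    try:
        update_settings("conf-202", {"locked": False}, anonymous)
    except PermissionError as exc:
        print("denied:", exc)
    print("owner ok:", update_settings("conf-202", {"locked": False}, Actor(user="bob")))
    print("flagged entries:", denied_attempts())
```

The check lives inside the handler rather than in a wrapper the caller is expected to remember, which is the usual root cause of CWE-862 in web applications; the audit entries carry actor, source address and the changed keys so that a rule such as "any denied update_settings from outside the corporate range" can be written against them.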


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-01-16T11:33:05.292Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6842f14971f4d251b5c95e96

Added to database: 6/6/2025, 1:46:49 PM

Last enriched: 7/7/2025, 7:58:35 PM

Last updated: 8/1/2025, 10:40:47 PM

Views: 20
