CVE-2025-64063: n/a

Severity: Critical
Published: Tue Nov 25 2025 (11/25/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate data outside their assigned scope, including: Unauthorized Account Modification, modifying/deleting arbitrary user accounts and changing passwords by sending a direct request to the user management API endpoint; Confidential Data Access, accessing and downloading sensitive organizational documents via a direct request to the document retrieval API; and Privilege Escalation: this vulnerability can lead to complete compromise of data integrity and confidentiality, and to privilege escalation by manipulating core system functions.

AI-Powered Analysis

Last updated: 12/02/2025, 19:45:50 UTC

Technical Analysis

CVE-2025-64063 affects Primakon Pi Portal version 1.0.18, whose administrative API endpoints do not enforce authorization on the server side. Access to administrative functions is gated only by what the web UI shows to a given role, so an authenticated standard user can craft direct HTTP requests to the user management and document retrieval endpoints and the backend processes them as if they came from an administrator. Concretely, the attacker can modify or delete arbitrary user accounts and reset their passwords, can download confidential organizational documents, and can manipulate core system functions, which amounts to privilege escalation from a standard account to full administrative control.

The root cause is improper authorization (CWE-285): the endpoints authenticate the caller but never check whether that caller is permitted to perform the requested operation on the requested object. This is the familiar broken function-level and object-level authorization pattern in web APIs, and it is typically exploitable with nothing more than a valid low-privileged session and an HTTP client.

This page rates the issue Critical with a CVSS 3.1 base score of 9.8 (network attack vector, low complexity, no user interaction, high impact on confidentiality, integrity and availability). Two caveats apply. First, the CVE record metadata reproduced below lists no CVSS version, so that score is this page's own assessment rather than a published vendor or NVD vector. Second, exploitation as described requires an authenticated standard user account, which is low privileges required (PR:L) rather than none; with PR:L and unchanged scope the same vector scores 8.8, still High. No public exploit had been reported at the time of this analysis, but the low skill required and the severity of impact make this a high-risk vulnerability.
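The access-control failure described above, as an added example that is not Primakon's code or anything derived from Pi Portal: the product's stack, routes, role names and data model are not described on this page, so the handlers, the "admin"/"user" roles, the /api/users and /api/documents paths and the sample accounts and documents below are all hypothetical. The block pairs handlers that rely on the UI hiding the admin menu with handlers that make the decision server-side, at both function level and object level, and replays the standard user's direct requests against each.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    id: int
    name: str
    role: str        # hypothetical role names: "admin" or "user"
    password: str

@dataclass
class Request:
    user: User       # the authenticated caller; the session itself is valid
    body: dict = field(default_factory=dict)   # parsed JSON body

class Forbidden(Exception):
    """Raised by the hardened handlers when the caller is not authorized."""

def make_store():
    # Constructed sample data, not taken from the advisory.
    return {
        "users": {
            1: User(1, "alice", "admin", "a-secret"),
            2: User(2, "bob", "user", "b-secret"),
            3: User(3, "carol", "user", "c-secret"),
        },
        "documents": {
            10: {"owner": 1, "classification": "confidential", "title": "board-minutes.pdf"},
            11: {"owner": 2, "classification": "internal", "title": "bob-notes.txt"},
        },
    }

# Vulnerable pattern (CWE-285): the only gate is that the UI hides the admin
# menu from standard users; the handlers never check who is calling.
def vulnerable_update_user(store, req, target_id):    # PUT /api/users/<id>
    target = store["users"][target_id]
    if "password" in req.body:
        target.password = req.body["password"]
    if "role" in req.body:
        target.role = req.body["role"]
    return {"updated": target_id}

def vulnerable_delete_user(store, req, target_id):    # DELETE /api/users/<id>
    del store["users"][target_id]
    return {"deleted": target_id}

def vulnerable_get_document(store, req, doc_id):      # GET /api/documents/<id>
    return store["documents"][doc_id]

# Hardened pattern: authorization is decided server-side on every request, at
# function level (is this an admin operation?) and at object level (does the
# caller own this particular record?). The write paths themselves are unchanged.
def is_admin(user):
    return user.role == "admin"

def hardened_update_user(store, req, target_id):
    if req.user.id != target_id and not is_admin(req.user):
        raise Forbidden("cannot modify another user's account")
    if "role" in req.body and not is_admin(req.user):
        raise Forbidden("role changes are admin-only")
    return vulnerable_update_user(store, req, target_id)

def hardened_delete_user(store, req, target_id):
    if not is_admin(req.user):
        raise Forbidden("account deletion is admin-only")
    return vulnerable_delete_user(store, req, target_id)

def hardened_get_document(store, req, doc_id):
    doc = store["documents"][doc_id]
    if doc["owner"] != req.user.id and not is_admin(req.user):
        raise Forbidden("not the owner of this document")
    return doc

def replay_attack(update, delete, get_doc):
    """Replay the standard user's direct API calls from the advisory and report
    which succeed; the last entry is legitimate self-service that must keep working."""
    store = make_store()
    bob = store["users"][2]                       # the standard user
    attempts = {
        "reset_admin_password": lambda: update(store, Request(bob, {"password": "pwned"}), 1),
        "delete_other_user": lambda: delete(store, Request(bob), 3),
        "read_confidential_doc": lambda: get_doc(store, Request(bob), 10),
        "self_password_change": lambda: update(store, Request(bob, {"password": "new"}), 2),
    }
    outcome = {}
    for name, call in attempts.items():
        try:
            call()
            outcome[name] = True
        except Forbidden:
            outcome[name] = False
    return outcome

def demo():
    return {
        "vulnerable": replay_attack(vulnerable_update_user, vulnerable_delete_user,
                                    vulnerable_get_document),
        "hardened": replay_attack(hardened_update_user, hardened_delete_user,
                                  hardened_get_document),
    }
```

Calling demo() shows every attack step succeeding against the vulnerable handlers and only the self-service password change succeeding against the hardened ones. The point of the object-level check in hardened_get_document is that a per-endpoint role check alone would still let one standard user read another's documents; the decision has to be made per record.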

Potential Impact

For European organizations running Primakon Pi Portal 1.0.18, this vulnerability poses a severe risk to operational security and to data protection compliance. Because exploitation needs nothing more than an ordinary user account, any malicious, phished or otherwise compromised standard user effectively holds administrator rights over user identities, which undermines trust in the portal's access controls. Exposure of confidential documents through the retrieval API threatens intellectual property, customer data and other sensitive business information, and where personal data is involved it is a reportable breach under the GDPR. The ability to delete or alter user accounts and system data can disrupt business continuity and cause reputational damage, and administrative control over the portal can serve as a starting point for lateral movement within the network. Given the critical severity and ease of exploitation, organizations face data breaches, operational disruption and regulatory penalties; entities in finance, healthcare, government and critical infrastructure that depend on the portal are particularly exposed.

Mitigation Recommendations

Organizations should immediately inventory their deployments of Primakon Pi Portal 1.0.18. No fixed version is referenced on this page, so engage Primakon for a patch and treat the following as interim controls. Until a fix is in place, restrict the administrative API endpoints (user management and document retrieval) to administrator source networks with segmentation and firewall rules, or disable them where the business can tolerate it. An API gateway or WAF can enforce coarse rules such as blocking non-administrator sessions from administrative paths, but neither can tell a legitimate call from an unauthorized one when the request shape is identical; the real remediation is an authorization check in every server-side handler, covering both the function (is this an admin operation?) and the object (does the caller own this account or document?), with no reliance on what the UI hides. Code review and penetration testing of the authorization logic should look for the same pattern on other endpoints. Monitor access logs for standard-user sessions calling user management or document endpoints, in particular modifications whose target account differs from the caller, and alert on them. Enforce multi-factor authentication for administrative accounts and, since the attack runs from a standard account, ideally for all users; note that MFA reduces the risk of stolen credentials but does not mitigate the flaw itself, because any legitimately authenticated standard user can exploit it. Finally, make sure incident response plans cover unauthorized account changes and bulk document access so exploitation can be contained quickly.
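The log review recommended above, as an added example that is not Pi Portal tooling: Pi Portal's actual log format and endpoint paths are not given on this page, so the access-log layout, the /api/users and /api/documents routes, the role directory and the sample lines are all hypothetical and constructed here. The rules flag a standard user deleting accounts or modifying an account other than their own, and queue document downloads for ownership review, since ownership cannot be judged from an access log alone.

```python
import re
from collections import Counter

# Hypothetical access-log format; Pi Portal's real logging is not described on
# this page. One record per line: timestamp, source IP, authenticated user,
# request line, response status.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) user=(?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)

# Constructed sample lines, including a malformed one the parser must skip.
SAMPLE_LOG = """\
2025-11-26T09:01:02Z 203.0.113.7 user=bob "GET /app/dashboard" 200
2025-11-26T09:01:09Z 203.0.113.7 user=bob "PUT /api/users/1" 200
2025-11-26T09:01:15Z 203.0.113.7 user=bob "DELETE /api/users/3" 200
2025-11-26T09:01:20Z 203.0.113.7 user=bob "GET /api/documents/10/download" 200
2025-11-26T09:02:00Z 198.51.100.4 user=alice "PUT /api/users/3" 200
2025-11-26T09:02:30Z 203.0.113.9 user=carol "PUT /api/users/3" 200
2025-11-26T09:03:00Z 203.0.113.9 user=carol "GET /api/documents/11/download" 200
2025-11-26T09:04:00Z 203.0.113.9 user=carol "DELETE /api/users/2" 403
this line is truncated and will not parse
"""

# Role and id lookup, normally pulled from the portal's user directory (hypothetical).
DIRECTORY = {
    "alice": {"id": 1, "role": "admin"},
    "bob": {"id": 2, "role": "user"},
    "carol": {"id": 3, "role": "user"},
}

USER_PATH = re.compile(r"^/api/users/(?P<target>\d+)$")
DOC_DOWNLOAD = re.compile(r"^/api/documents/\d+/download$")

def parse(log_text):
    """Yield parsed records; malformed lines are dropped rather than fatal."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def classify(ev, actor):
    """Return a rule name if a standard user touched an administrative endpoint."""
    m = USER_PATH.match(ev["path"])
    if m and ev["method"] == "DELETE":
        return "admin_op_by_standard_user"
    if m and ev["method"] in ("PUT", "PATCH") and int(m["target"]) != actor["id"]:
        return "cross_account_modify"
    if DOC_DOWNLOAD.match(ev["path"]):
        # Ownership is not in the access log, so this can only be queued for
        # review against the document store, not decided here.
        return "document_download_review"
    return None

def detect(log_text, directory):
    alerts = []
    for ev in parse(log_text):
        actor = directory.get(ev["user"])
        if actor is None or actor["role"] == "admin":
            continue      # admins are allowed here; unknown users need a separate rule
        rule = classify(ev, actor)
        if rule:
            alerts.append({
                "ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                "rule": rule, "path": ev["path"],
                # 2xx means the missing check let the call through; 403 is an
                # attempt that was refused (for example after a fix was deployed).
                "outcome": "succeeded" if ev["status"].startswith("2") else "blocked",
            })
    return alerts

def summarize(alerts):
    """Count (user, rule, outcome) so a burst from one account stands out."""
    return Counter((a["user"], a["rule"], a["outcome"]) for a in alerts)
```

On the sample, detect(SAMPLE_LOG, DIRECTORY) yields three successful hits for bob (the sequence the advisory describes), a download by carol queued for review, and carol's refused deletion; alice's administrative call and carol's change to her own account produce nothing. A self-modification that is not a password change would need request-body logging to distinguish, which access logs normally do not carry.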


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2025-10-27T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 6925f747ea01c5f8b834aefa

Added to database: 11/25/2025, 6:36:55 PM

Last enriched: 12/2/2025, 7:45:50 PM

Last updated: 1/10/2026, 10:09:45 PM

