An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2, which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema.

| Vulnerability Type | (CWE-284) Incorrect Access Control |
| CVE Identifier | CVE-2025-54561 |
| CVSS Score | 7.6 |
| CVSS Vector | (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L) |
| Vendor | Desktop Alert |
| Affected Product | PingAlert Application Server |
| Affected Versions | 6.1.0.11 – 6.1.1.2 |
| Attacker | Any unauthenticated user |
| Impact | It allows remote access to content despite lack of the correct permission. |
| Mitigation | Fixed in version 6.1.1.5 |

We would like to thank NATO Cyber Security Centre (NCSC) for their assistance in uncovering and addressing this vulnerability, in particular Roberto Suggi Liverani NCIA/NCSC and Justin Hocquel NCIA/NCSC.
