Home > Vulnerability Database > CVE-2025-10209

Mend.io Vulnerability Database

CVE-2025-10209

Good to know:

Date: September 10, 2025

A security flaw has been discovered in Papermerge DMS up to 3.5.3. This issue affects some unknown processing of the component Authorization Token Handler. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

9.1

Related Resources (7)

Url: https://docs.google.com/document/d/19j0mCR-QOuhlxAJMir00Z8_MZdydVdmE_Ak09ra2NHw/edit?usp=sharing

Url: https://vuldb.com/?submit.639750

Url: https://docs.google.com/document/d/19j0mCR-QOuhlxAJMir00Z8_MZdydVdmE_Ak09ra2NHw/edit?tab=t.0

Url: https://vuldb.com/?id.323482

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10209

Url: https://vuldb.com/?ctiid.323482

Url: https://www.mend.io/vulnerability-database/CVE-2025-10209

Severity Score

9.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Privilege Assignment

CWE-266

Top Fix

Upgrade Version

Upgrade to version https://github.com/ciur/papermerge.git - null;https://github.com/ciur/papermerge.git - null

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10209

Good to know:

Date: September 10, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?