Assaabloy Control Id Idsecure — known CVE vulnerabilities
Every CVE whose affected-product data names Assaabloy Control Id Idsecure, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-33371 — CVSS 9.8 (critical): Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing…
CVE-2023-33367 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on…
CVE-2025-49851 — CVSS 9.8 (critical): ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an…
CVE-2025-49853 — CVSS 9.1 (critical): ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary…
CVE-2023-33369 — CVSS 9.1 (critical): A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure…
CVE-2023-33370 — CVSS 7.5 (high): An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of…
CVE-2025-49852 — CVSS 7.5 (high): ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow…
CVE-2023-33368 — CVSS 6.5 (medium): Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these…
CVE-2023-2044 — CVSS 3.5 (low): A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of…