CVE-2024-12125

HIGH 7.5

3scale-porta: readonly fields not validated server-side

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.

CWE	CWE-281
Vendor	3scale
Product	porta
Published	Nov 6, 2025
Last Updated	Dec 24, 2025

Stay Ahead of the Next One

Get instant alerts for 3scale porta

Be the first to know when new high vulnerabilities affecting 3scale porta are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

3scale / porta

0 < 3scale-2.16.0-GA

Red Hat / Red Hat 3scale API Management Platform 2

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-12125 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2330214