CVE-2025-57969: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-57969) affects MISP versions before 2.4.198, where app/Model/Attribute.php ignores an Access Control List (ACL) during a GUI attribute search. The issue was disclosed on February 14, 2025, and received its initial analysis by NIST on July 9, 2025 (NIST NVD).

The vulnerability is classified as CWE-863 (Incorrect Authorization) with a CVSS v3.1 Base Score of 4.3 (MEDIUM). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, low confidentiality impact, and no impact on integrity or availability (NIST NVD).

The vulnerability's primary impact is related to confidentiality, with a low severity rating. The incorrect authorization in the GUI attribute search functionality could potentially allow attackers to bypass access controls and access information they shouldn't be able to view (NIST NVD).

The vulnerability has been patched in MISP version 2.4.198. Users are advised to upgrade to this version or later to address the security issue. The fix can be found in the official MISP repository (MISP Patch, MISP Release).