CVE-2025-8049: 
Homebrew vulnerability analysis and mitigation

CVE-2025-8049 is an Insufficient Granularity of Access Control vulnerability discovered in OpenText Flipper version 3.1.2. The vulnerability was initially disclosed on October 20, 2025, and was last modified in the National Vulnerability Database on October 28, 2025. This security flaw affects the access control mechanisms within the Flipper application (NVD).

The vulnerability is classified as CWE-1220 (Insufficient Granularity of Access Control). It received a CVSS v4.0 Base Score of 2.3 (Low) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green. Additionally, it has a CVSS v3.1 Base Score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is network-accessible but requires high attack complexity according to the v4.0 scoring (NVD).

The vulnerability could allow a low-privilege user to elevate privileges within the application, potentially gaining unauthorized access to protected functionality and resources. The CVSS v3.1 scoring indicates high potential impact on confidentiality, integrity, and availability of the system (NVD).

OpenText has documented this vulnerability in their knowledge base article KB0850530. Users should refer to the vendor advisory for specific mitigation steps (OpenText Advisory).