Dovestones Software AD Phonebook versions prior to 4.0.0.11 contain an access control flaw in an administrative configuration endpoint. The endpoint answers an unauthenticated request with HTTP 401, but the submitted configuration change is still applied, so a remote attacker can modify application settings without credentials. The 401 status is therefore not evidence that the request was rejected; whether the settings actually changed must be checked server-side.
A separate authentication and authorization bypass exists in the same versions: an administrative file upload endpoint is reachable by unauthenticated remote attackers, with no credential check in front of it. Both issues are addressed by upgrading to version 4.0.0.11 or later.
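The two failure modes above (an auth check that records a 401 but lets the handler keep running, and an admin endpoint with no auth check at all) are easy to confuse with a working control if you only look at status codes. The following is an added illustration, not code from Dovestones or from AD Phonebook: a tiny in-memory model of a settings endpoint and an upload endpoint, each in a vulnerable and a corrected form, plus a probe that decides "rejected or not" by diffing server-side state instead of trusting the response. The token, setting names, file name and handler names are all constructed for the example.

```python
"""Constructed model of 'status says 401, state still changes' (example only,
not the product's code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Hypothetical admin credential for the model; real checks differ.
ADMIN_TOKEN = "Bearer admin-session-token"


@dataclass
class Request:
    headers: Dict[str, str]
    form: Dict[str, str]


@dataclass
class App:
    # Constructed sample state standing in for the application's configuration.
    settings: Dict[str, str] = field(
        default_factory=lambda: {"ldap_server": "dc01.corp.example"}
    )
    uploads: List[str] = field(default_factory=list)


def is_admin(req: Request) -> bool:
    return req.headers.get("Authorization") == ADMIN_TOKEN


def vulnerable_update_settings(app: App, req: Request) -> Tuple[int, str]:
    """Records a 401 for unauthenticated callers but never stops executing,
    so the settings update is applied anyway."""
    status = 200
    if not is_admin(req):
        status = 401  # bug: status set, execution falls through
    app.settings.update(req.form)
    return status, "saved"


def fixed_update_settings(app: App, req: Request) -> Tuple[int, str]:
    """Denies before any state is touched."""
    if not is_admin(req):
        return 401, "unauthorized"
    app.settings.update(req.form)
    return 200, "saved"


def vulnerable_upload(app: App, req: Request) -> Tuple[int, str]:
    """Administrative upload with no authentication check at all."""
    app.uploads.append(req.form["filename"])
    return 200, "uploaded"


def fixed_upload(app: App, req: Request) -> Tuple[int, str]:
    if not is_admin(req):
        return 401, "unauthorized"
    app.uploads.append(req.form["filename"])
    return 200, "uploaded"


Handler = Callable[[App, Request], Tuple[int, str]]


def probe(handler: Handler, req: Request) -> Tuple[int, bool]:
    """Run one request against a fresh App; return (status, state_changed).

    The verdict comes from comparing state before and after the call, not
    from the status code, which is exactly what the 401 case gets wrong."""
    app = App()
    before = (dict(app.settings), list(app.uploads))
    status, _ = handler(app, req)
    after = (dict(app.settings), list(app.uploads))
    return status, before != after


# Constructed unauthenticated requests (no Authorization header).
UNAUTH_SETTINGS = Request(headers={}, form={"ldap_server": "attacker.example"})
UNAUTH_UPLOAD = Request(headers={}, form={"filename": "upload.txt"})


def run_probes() -> Dict[str, Tuple[int, bool]]:
    return {
        "settings/vulnerable": probe(vulnerable_update_settings, UNAUTH_SETTINGS),
        "settings/fixed": probe(fixed_update_settings, UNAUTH_SETTINGS),
        "upload/vulnerable": probe(vulnerable_upload, UNAUTH_UPLOAD),
        "upload/fixed": probe(fixed_upload, UNAUTH_UPLOAD),
    }


if __name__ == "__main__":
    for name, (status, changed) in run_probes().items():
        verdict = "VULNERABLE" if changed else "ok"
        print(f"{name:20s} status={status} state_changed={changed} -> {verdict}")
```

The probe is the part worth keeping when testing a real deployment: send the unauthenticated request, then read the configuration (or the upload directory) back through an authenticated path and compare, rather than stopping at the 401.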