OpenText Flipper 3.1.2: ACL Granularity Enables Privilege Elevation
CVE-2025-8049 Published on October 20, 2025
Insufficient Access Control vulnerability has been discovered in OpenText Flipper.
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.
This issue affects Flipper: 3.1.2.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Affected Versions
opentext Flipper Version 3.1.2 is affected by CVE-2025-8049Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.