PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-5921 DECE Software CVE debrief

CVE-2023-5921 describes an improper enforcement of behavioral workflow in DECE Software Geodi that can lead to a functionality bypass. The vulnerable versions are those before 8.0.0.27396. NVD rates the issue HIGH with a CVSS 3.1 score of 7.1, and the published vector indicates a local, low-privilege attack path with no user interaction.

Vendor: DECE Software
Product: Geodi
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-11-22
Original CVE updated: 2026-05-20
Advisory published: 2023-11-22
Advisory updated: 2026-05-20

Who should care

Administrators and security teams responsible for DECE Software Geodi deployments should care, especially if the product is installed on systems where local users or low-privilege accounts are present. Organizations that rely on Geodi for workflow-controlled operations should prioritize validation of their installed version.

Technical summary

The source advisory and NVD record describe an improper enforcement of behavioral workflow, categorized by USOM with CWE-841. In practical terms, the control flow or state checks intended to gate application behavior can be bypassed in affected versions of Geodi prior to 8.0.0.27396. The NVD CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) suggests a local attack requiring low privileges, with high potential impact to confidentiality and integrity but no listed availability impact.

Defensive priority

High. Because the issue is locally exploitable with low privileges and can affect confidentiality and integrity, patching or upgrading should be treated as a near-term priority for any exposed Geodi installation.

Recommended defensive actions

  • Upgrade DECE Software Geodi to version 8.0.0.27396 or later.
  • Inventory all Geodi installations and confirm the exact build/version deployed.
  • Restrict local account access and review which users have privileges on systems running Geodi.
  • Monitor vendor and advisory channels for any additional guidance or remediation notes.
  • Validate that workflow or authorization controls in dependent processes behave as expected after updating.

Evidence notes

This debrief is based only on the supplied NVD record and linked USOM references. The vulnerability is identified as CVE-2023-5921, first published on 2023-11-22, with the NVD record later modified on 2026-05-20. The source data lists affected versions before 8.0.0.27396 and includes a CWE-841 secondary classification from the advisory.

Official resources

CVE-2023-5921 was published on 2023-11-22. The NVD record was later modified on 2026-05-20, which reflects record maintenance rather than the original vulnerability publication date.