EUVD-2025-197986

ID: EUVD-2025-197986

Severity: critical

CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

Timestamps

Normalized: 2025-12-31T11:32:38Z UTC
Last updated: 2025-12-31T11:31:47Z UTC

References

No references provided.

VulnAI

EUVD-2025-197986

Description

Timestamps

References