EUVD-2025-202413

ID: EUVD-2025-202413

Severity: high

CVSS v4: 8.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas'.

Timestamps

Normalized: 2025-12-31T11:32:43Z UTC
Last updated: 2025-12-31T11:32:10Z UTC

References

No references provided.

VulnAI

EUVD-2025-202413

Description

Timestamps

References