EUVD-2025-206478

ID: EUVD-2025-206478

Severity: medium

CVSS v4: 6.0 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs.

Timestamps

Normalized: 2026-01-28T23:21:13Z UTC
Last updated: 2026-01-28T23:21:13Z UTC

References

No references provided.

VulnAI

EUVD-2025-206478

Description

Timestamps

References