CVE-2025-40673

Vulnerability Description

A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access the invoices of any user by requesting the endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf', because there is no access control. The PDF filename can be obtained via OSINT, insecure network traffic or brute force.

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-40673?

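CVE-2025-40673 is a documented vulnerability. A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access the invoices of any user by requesting the endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf', because there is no access control. The PDF filename can be obtained via OSINT, insecure network traffic or brute force.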

How severe is CVE-2025-40673?

CVSS scoring is not yet available for CVE-2025-40673. Check NVD for updates.

Is there a patch for CVE-2025-40673?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.