CVE-2025-41358

Vulnerability Description

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas'.

Related Weaknesses (CWE)

CWE-639

References

https://www.incibe.es/en/incibe-cert/notices/aviso/direct-reference-insecure-obj

FAQ

What is CVE-2025-41358?

CVE-2025-41358 is a documented vulnerability. Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents ...

How severe is CVE-2025-41358?

CVSS scoring is not yet available for CVE-2025-41358. Check NVD for updates.

Is there a patch for CVE-2025-41358?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.