exploitDog

CVE-2025-41077

Опубликовано: 12 янв. 2026

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:viafirma:inbox:*:*:*:*:*:-:*:*

Версия до 4.5.27 (исключая)

EPSS

Процентиль: 7%

0.00026

Низкий

8.1 High

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-xvh8-9h96-57r8

CVSS3: 8.1

github

27 дней назад

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.

EPSS

Процентиль: 7%

0.00026

Низкий

8.1 High

CVSS3

Дефекты

CWE-639