exploitDog

CVE-2025-41078

Опубликовано: 12 янв. 2026

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:viafirma:documents:*:*:*:*:*:-:*:*

Версия до 3.7.139 (исключая)

cpe:2.3:a:viafirma:documents_compose:*:*:*:*:*:*:*:*

Версия до 1.9.2 (исключая)

EPSS

Процентиль: 9%

0.00032

Низкий

8.1 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-r7v3-974m-576m

CVSS3: 8.1

github

27 дней назад

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

EPSS

Процентиль: 9%

0.00032

Низкий

8.1 High

CVSS3

Дефекты

CWE-863