← back
CVE-2025-41358

Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A

CVSS 8.3 HIGHEPSS 0.3%CWE-639
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas'.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
CronosWeb i2A · CronosWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.incibe.es/en/incibe-cert/notices/aviso/direct-reference-insecure-objects-idor-cronosweb-cronosweb-i2a