CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41077

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.1%

CVSS Severity

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41077

Products

Pricing

Contact Us