CVE-2025-11843

216.73.216.6

· Published 31/10/2025 10:15 · Modified 31/10/2025 10:15

Labels: CVE-2025-11843 2025-10-31 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 CVE-2025-11843 CWE-290

Essential information

Published: 31/10/2025 10:15
Modified: 31/10/2025 10:15
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 4586e0a2-224d-4f8a-9cb4-8882b208c0b3
NVD: View on NVD

Affected products (CPE)

Product	CPE
therefore / therefore online	`cpe:2.3:a:therefore:therefore_online::::::::`
therefore / therefore on-premises	`cpe:2.3:a:therefore:therefore_on-premises::::::::`
therefore / therefore server	`cpe:2.3:a:therefore:therefore_server::::::::`