216.73.217.98

CVE-2025-3575

· Published 15/04/2025 09:15 · Modified 15/04/2025 18:39

Labels: CVE-2025-3575 2025-04-15CVE-2025-3575CWE-639[email protected]

Essential information

Published
15/04/2025 09:15
Modified
15/04/2025 18:39
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
t-innova / deporsite cpe:2.3:a:t-innova:deporsite:*:*:*:*:*:*:*:*

References