216.73.217.64

CVE-2025-41335

· Published 04/11/2025 14:15 · Modified 05/11/2025 17:03

Labels: CVE-2025-41335 2025-11-04CVE-2025-41335CWE-862[email protected]

Essential information

Published
04/11/2025 14:15
Modified
05/11/2025 17:03
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
canaldenuncia / canaldenuncia.app cpe:2.3:a:canaldenuncia:canaldenuncia.app:*:*:*:*:*:*:*:*

References