Security Advisory

CVE-2025-40673

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-28 10:54:46

Last updated 2025-05-28 13:24:05

Assigner INCIBE

State PUBLISHED

Description

A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint /facturas/YYYY-MM/SDRYYMM-XXXXX.pdf because there is no access control. The pdf filename can be obtained via OSINT, insecure network traffic or brute force.

← Browse all CVEs View on cve.org ↗