Security Advisory

CVE-2025-41030

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-02 08:14:24
Last updated 2025-09-02 13:47:18
Assigner INCIBE
State PUBLISHED

Description

Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.