Security Advisory

CVE-2025-41358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-10 11:16:28

Last updated 2025-12-10 16:40:32

Assigner INCIBE

State PUBLISHED

Description

Direct Object Reference Vulnerability (IDOR) in i2As CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users documents by manipulating the ‘documentCode’ parameter in /CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas.

← Browse all CVEs View on cve.org ↗