CVE-2024-25461

Name of the Vulnerable Software and Affected Versions Creatio Terrasoft CRM version 7.18.4.1532

Description The issue allows a remote attacker to obtain sensitive information via a crafted request to the "terrasoft.axd" component. This enables the attacker to potentially access unauthorized data.

Recommendations For version 7.18.4.1532, consider restricting access to the "terrasoft.axd" component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.