PT-2025-10453 · Unknown · Control Id Rhid

Y4G0 · Published 2025-03-09 · Updated 2025-03-24 · CVE-2025-2125

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Control iD RH iD version 25.2.25.0

Description

A vulnerability has been found in the PDF Document Handler component of Control iD RH iD, affecting unknown code of the file "/v2/report.svc/comprovante marcacao/?companyId=1". The manipulation of the nsr argument leads to improper control of resource identifiers. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations

As a temporary workaround, consider restricting access to the "/v2/report.svc/comprovante marcacao/" API endpoint until a patch is available. Avoid using the nsr argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

IDOR


Weakness Enumeration

Related Identifiers

CVE-2025-2125

Affected Products

Control Id Rhid