PT-2025-22391 · Typo3 · Resident Download Manager

Published: 2025-05-20 · Updated: 2025-12-27 · CVE-2025-48207

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: reint downloadmanager extension versions prior to 5.0.1

Description: The issue is an Insecure Direct Object Reference (IDOR) that enables remote attackers to read arbitrary files via the downloaduid parameter in the "downloadAction".

Recommendations: For versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the downloaduid parameter in the downloadAction to minimize the risk of exploitation.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2025-06008
CVE-2025-48207
GHSA-JJWH-4X89-7F5W

Affected Products

Resident Download Manager