CVE-2025-40669

Name of the Vulnerable Software and Affected Versions TCMAN's GIM version 11

Description The issue is related to incorrect authorization, allowing an unprivileged attacker to modify user permissions by sending a POST request to "/PC/Options.aspx?Command=2&Page=-1". This enables the attacker to alter permissions for all application users, including their own.

Recommendations For TCMAN's GIM version 11, consider restricting access to the "/PC/Options.aspx" endpoint until a patch is available, and avoid using the Command and Page parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.