CVE-2025-40658

Name of the Vulnerable Software and Affected Versions DM Corporative CMS (affected versions not specified)

Description An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the option parameter equal to 0, 1, or 2 in the "/administer/selectionnode/framesSelection.asp" API endpoint.

Recommendations As a temporary workaround, consider restricting access to the "/administer/selectionnode/framesSelection.asp" API endpoint to minimize the risk of exploitation. Avoid using the option parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.