PT-2025-42435 · Sergestec · Sergestec Exito 8.0

Ignacio Aldarabi · Published 2025-10-16 · Updated 2025-10-21 · CVE-2025-41020

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sergestec Exito version 8.0

Description

An insecure direct object reference (IDOR) issue exists in Sergestec Exito version 8.0. This allows an attacker to access data belonging to other customers. The issue is present in the /admin/ticket a4.php endpoint, specifically through manipulation of the id parameter.

Recommendations

Restrict access to the /admin/ticket a4.php endpoint. Sanitize or validate the id parameter to ensure it corresponds to the authorized data.
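
The recommendation to tie the id parameter to the authorized data, as an added example that is not Sergestec's code: a lookup by id alone next to one scoped to the authenticated customer. The table layout, function names and session value are hypothetical, and an in-memory SQLite database stands in for the real data store.

```php
<?php
declare(strict_types=1);

// Constructed sample data; the schema is hypothetical, not Exito's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL, body TEXT NOT NULL)');
$db->exec("INSERT INTO tickets VALUES (1, 100, 'ticket of customer 100'), (2, 200, 'ticket of customer 200')");

// Before: the record is selected by id alone, so ownership is never checked.
function loadTicketUnscoped(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, body FROM tickets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// After: the owner comes from the server-side session, never from the request,
// and is part of the query, so a foreign id behaves exactly like a missing one.
function loadTicketForCustomer(PDO $db, int $sessionCustomerId, mixed $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id: reject before touching the database
    }
    $stmt = $db->prepare('SELECT id, body FROM tickets WHERE id = :id AND customer_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionCustomerId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Record denied lookups so repeated probing of ids is visible in monitoring.
        error_log(sprintf('ticket lookup denied: customer=%d id=%d', $sessionCustomerId, $id));
        return null;
    }
    return $row;
}

$sessionCustomerId = 100; // assumption: set in $_SESSION after authentication

// Customer 100 asks for ticket 2, which belongs to customer 200.
var_dump(loadTicketUnscoped($db, 2));
var_dump(loadTicketForCustomer($db, $sessionCustomerId, '2'));
// Customer 100 asks for their own ticket, then sends a non-integer id.
var_dump(loadTicketForCustomer($db, $sessionCustomerId, '1'));
var_dump(loadTicketForCustomer($db, $sessionCustomerId, '1 OR 1=1'));
```

Returning the same result for "not yours" and "does not exist" keeps the endpoint from confirming which ids are in use.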

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-41020

Affected Products

Sergestec Exito 8.0