CVE-2025-41341

Name of the Vulnerable Software and Affected Versions CanalDenuncia.app (affected versions not specified)

Description A missing authorization issue exists in CanalDenuncia.app that allows an attacker to access other users' information. This is achieved by sending a POST request with specific parameters to a particular API endpoint. The vulnerable API endpoint is '/backend/api/buscarUsuarioByDenuncia.php', and the vulnerable parameters are id denuncia and seguro.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.