CVE-2025-13596

CVSS v4.0

2.7

Low

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:X/U:Clear

Name of the Vulnerable Software and Affected Versions ATISoluciones CIGES Application versions prior to 2.15.6

Description A sensitive information disclosure issue exists in the error handling component. When unexpected conditions cause unhandled exceptions, the application returns detailed error messages and stack traces to the client. This could expose internal filesystem paths, SQL queries, database connection details, or environment configuration data to remote, unauthenticated attackers. This allows information gathering and reconnaissance.

Recommendations Update ATISoluciones CIGES Application to version 2.15.6 or later.

Fix

Generation of Error Message Containing Sensitive Information

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209CWE-200

Related Identifiers

CVE-2025-13596

Affected Products

Atisoluciones Ciges Application

CVE-2025-13596

Weakness Enumeration

Related Identifiers

Affected Products

References · 6