CVE-2025-41015

Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304

Description An issue exists that allows an unauthenticated attacker to determine whether a user exists on the system. This is exploitable through the pda:username parameter with soapaction GetUserQuestionAndAnswer in the /WS/PDAWebService.asmx API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.