PT-2025-50322 · I2A · I2A Cronosweb
Published: 2025-12-10 · Updated: 2025-12-10
CVE-2025-41358
CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
i2A CronosWeb versions prior to 25.00.00.12
Description
An authenticated attacker may be able to access other users' documents by manipulating the documentCode parameter. The vulnerability exists in the '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas' API endpoint.
Recommendations
Update i2A CronosWeb to version 25.00.00.12 or later.
Fix
IDOR
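The weakness class named here, a lookup keyed only on a client-supplied documentCode, shown beside an owner-scoped lookup and a small regression check. This is an added illustration, not i2A CronosWeb code; the store, function names and sample values are hypothetical and constructed.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not authorised for the requested document."""


@dataclass(frozen=True)
class Document:
    document_code: str  # value the client sends as documentCode
    owner_id: str       # user the document belongs to
    content: bytes


# Constructed sample data: two users, one personal document each.
STORE = {
    "1001": Document("1001", "alice", b"alice-payslip"),
    "1002": Document("1002", "bob", b"bob-id-card"),
}


def get_document_vulnerable(session_user: str, document_code: str) -> Document:
    # IDOR: the session is authenticated, but the lookup trusts the
    # client-supplied code and never compares the owner with the caller.
    return STORE[document_code]


def get_document_checked(session_user: str, document_code: str) -> Document:
    # Object-level authorisation: the owner must match the session identity,
    # which comes from the server-side session, never from the request body.
    doc = STORE.get(document_code)
    if doc is None or doc.owner_id != session_user:
        # Same error for "missing" and "not yours", so responses do not
        # confirm which codes exist.
        raise Forbidden(document_code)
    return doc


def audit(handler, session_user: str, codes: list[str]) -> list[str]:
    """Return the codes for which handler released a document not owned by the caller."""
    leaked = []
    for code in codes:
        try:
            doc = handler(session_user, code)
        except (Forbidden, KeyError):
            continue
        if doc.owner_id != session_user:
            leaked.append(code)
    return leaked
```

Running `audit` against each document handler in a test suite catches a regression where the ownership check is dropped.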
Affected Products
I2A Cronosweb