PT-2025-51251 · Newgen · Newgen Omnidocs
Cbx216
·
Published
2025-12-15
·
Updated
2025-12-15
·
CVE-2025-65742
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Newgen OmniDocs version 11.0
Description
An unauthenticated Broken Function Level Authorization (BFLA) exists in Newgen OmniDocs v11.0. This allows attackers to obtain sensitive information and execute a full account takeover by sending a specially crafted API request. The vulnerability occurs due to insufficient authorization checks, enabling unauthorized access to functionality.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newgen Omnidocs