CVE-2025-69907

Name of the Vulnerable Software and Affected Versions Newgen OmniDocs (affected versions not specified)

Description An unauthenticated information disclosure issue exists in Newgen OmniDocs. The /omnidocs/GetListofCabinet API endpoint lacks proper authentication and access control, allowing an attacker to access it without credentials. This access enables retrieval of sensitive internal configuration information, such as cabinet names and database metadata. This could allow unauthorized enumeration of backend deployment details and potentially facilitate further attacks. The vulnerable API endpoint is /omnidocs/GetListofCabinet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.