CVE-2025-12461 | THREATINT

Description

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.

PUBLISHED Reserved 2025-10-29 | Published 2025-10-29 | Updated 2025-10-29 | Assigner INCIBE

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status

unaffected

3.03.36.0185

affected

Credits

Oscar Atienza finder

References

www.incibe.es/...parts-application-epsilon-rh-grupo-castilla

cve.org (CVE-2025-12461)

nvd.nist.gov (CVE-2025-12461)

Download JSON