Description

Faulty authorization control in the WinPlus v24.11.27 software by Informática del Este allows an attacker to impersonate another user simply by knowing that user's 'numerical ID'. An attacker could thereby compromise another user's account, affecting the confidentiality, integrity, and availability of the data stored in the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-18 | Updated 2025-11-18 | Assigner INCIBE




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

24.11.27: affected

Credits

Antonio Moreno Gómez (finder)

References

www.incibe.es/...-scripting-xss-winplus-informatica-del-este

cve.org (CVE-2025-41346)

nvd.nist.gov (CVE-2025-41346)
