CVE-2025-41077 · HIGH 8.1 · EPSS p10.5%

Description

An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users and to access and modify their data. This allows users' email addresses to be modified and, subsequently, the password recovery functionality to be used to access the application by impersonating any user, including those with administrative permissions.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.21% probability of exploitation · percentile 10.5% · 2026-06-18T12:00:27Z
Published: 2026-01-12
Last modified: 2026-01-29

Underlying weaknesses · 1

CWE-639

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-41078
  2. CVE-2025-48986
  3. CVE-2026-5779
  4. CVE-2025-43790
  5. CVE-2025-49851
  6. CVE-2025-52389

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.