CVE-2025-41078HIGH 8.1EPSS p10.5%

CVE-2025-41078CVE-2025-41078

Description

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS0.21% probability of exploitation · percentile 10.5% · 2026-06-18T12:00:27Z
Published2026-01-12
Last modified2026-01-29

Underlying weaknesses· 1

CWE-863

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-viafirma-products

1

TypeTargetConfidenceTier
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41077
CVE
CVE-2025-30398
CVE
CVE-2025-65742
CVE
CVE-2025-14101
CVE
CVE-2025-30412
CVE
CVE-2026-40417
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.