CVE-2025-41404
BaseFortify

Publication date: 2025-06-26

Last updated on: 2025-09-30

Assigner: JPCERT/CC

Description
Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.
Meta Information
Published: 2025-06-26
Last Modified: 2025-09-30
Generated: 2026-05-07
AI Q&A: 2025-06-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: irohasoft
Product: iroha_board
Version / Range: up to 0.10.13 (exclusive)
CWE
CWE-425: The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Direct request ('Forced Browsing') issue in iroha Board versions v0.10.12 and earlier. It allows an attacker who can log in to the affected product to view non-public contents by bypassing normal access controls.


How can this vulnerability impact me?

If exploited, this vulnerability can allow an attacker with login access to view non-public content that they should not normally have access to, potentially leading to unauthorized disclosure of sensitive information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update iroha Board to version v0.10.13 or later, as the issue is fixed in these versions. [1]

