CVE-2025-10947
BaseFortify
Publication date: 2025-09-25
Last updated on: 2026-03-25
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sistemas_pleno | gestao_de_locacoes | 2025.7 |
| sistemas_pleno | gestao_de_locacoes | 2025.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Sistemas Pleno Gestão de Locação software up to version 2025.7.x, specifically in an unknown function within the /api/areacliente/pessoa/validarCpf file of the CPF Handler component. By manipulating the argument 'pes_cpf', an attacker can bypass authorization controls remotely, potentially gaining unauthorized access. The issue can be fixed by upgrading to version 2025.8.0.
How can this vulnerability impact me? :
The vulnerability allows an attacker to bypass authorization remotely by manipulating the 'pes_cpf' argument. This means unauthorized users could gain access to restricted areas or functions within the system, potentially exposing sensitive information or performing actions without permission.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Sistemas Pleno Gestão de Locação to version 2025.8.0, as this version resolves the authorization bypass issue in the /api/areacliente/pessoa/validarCpf component.