CVE-2025-34293
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| miles33 | gn4_publishing_system | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an insecure direct object reference (IDOR) in GN4 Publishing System versions prior to 2.6. It allows an authenticated user to make API requests for arbitrary user IDs and retrieve sensitive account data, including stored passwords and security questions and answers. This exposure can be exploited to reset or take over other user accounts.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive user account information, enabling attackers to reset passwords or take over accounts. This compromises user privacy and security, potentially leading to account hijacking and misuse of personal data.