CVE-2025-62362
BaseFortify

Publication date: 2025-10-13

Last updated on: 2025-10-14

Assigner: GitHub, Inc.

Description
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist.
Meta Information
Published: 2025-10-13
Last Modified: 2025-10-14
Generated: 2026-06-16
AI Q&A: 2025-10-14
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 4 associated CPEs
Vendor | Product | Version / Range
gpp-burgerportaal | gpp-burgerportaal | 2.0.2
gpp-burgerportaal | gpp-burgerportaal | 3.0.1
gpp-burgerportaal | gpp-burgerportaal | 4.0.0
gpp-burgerportaal | gpp-burgerportaal | 3.0.0
CWE
CWE ID | Description
CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
Executive Summary

This vulnerability in gpp-burgerportaal, a Dutch government citizen portal application, causes the name and email address of employees who publish content to be exposed in network responses. This information can be seen by anyone viewing the browser's developer tools network tab, leading to unintended disclosure of employee personal information. The issue affects versions before 2.0.3, 3.0.2, and 4.0.1 and has been fixed in those versions.

Impact Analysis

The vulnerability exposes employee names and email addresses to unauthorized parties. This exposure may lead to privacy violations, targeted attacks such as phishing or social engineering, and unwanted contact or harassment of employees.

Compliance Impact

This vulnerability may violate employee privacy expectations and could potentially lead to non-compliance with privacy regulations such as GDPR, which require protection of personal data. Exposing employee names and email addresses without consent could be considered a data breach under such regulations.

Detection Guidance

This vulnerability can be detected by inspecting network responses in the browser's developer tools network tab to see if employee names and email addresses are exposed. There are no specific commands provided to detect this vulnerability on the network or system.
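
The manual check described above can be repeated over a HAR file exported from the browser's network tab when verifying your own deployment before and after the upgrade. This is an added example, not code from the advisory or from the gpp-burgerportaal project; the sample HAR is constructed, and its URLs and JSON field names are hypothetical.

```python
import base64
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def walk(node, path="$"):
    """Yield (json_path, value) for every string leaf in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def find_email_leaks(har):
    """Return (url, json_path, email) for each address found in JSON response bodies."""
    findings = []
    for entry in har["log"]["entries"]:
        content = entry["response"].get("content", {})
        if "json" not in content.get("mimeType", ""):
            continue  # only API-style JSON responses are inspected
        text = content.get("text", "")
        if content.get("encoding") == "base64":
            text = base64.b64decode(text).decode("utf-8", "replace")
        try:
            body = json.loads(text)
        except ValueError:
            continue  # empty, truncated or non-JSON body
        for path, value in walk(body):
            for email in EMAIL_RE.findall(value):
                findings.append((entry["request"]["url"], path, email))
    return findings

# Constructed sample: URLs and field names are hypothetical, not taken from gpp-burgerportaal.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://portal.example/api/publications/1"},
     "response": {"content": {"mimeType": "application/json",
        "text": json.dumps({"title": "Decision", "publisher":
            {"name": "J. Jansen", "email": "j.jansen@example.org"}})}}},
    {"request": {"url": "https://portal.example/api/publications/2"},
     "response": {"content": {"mimeType": "application/json",
        "text": json.dumps({"title": "Notice"})}}},
    {"request": {"url": "https://portal.example/app.css"},
     "response": {"content": {"mimeType": "text/css", "text": "a@b.cc"}}},
]}}

if __name__ == "__main__":
    for url, path, email in find_email_leaks(SAMPLE_HAR):
        print(f"{url} {path} {email}")
```

For a real capture, load the exported file with `json.load` and pass the result to `find_email_leaks`. A patched instance should return no findings for staff addresses on public pages.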

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade gpp-burgerportaal to version 2.0.3, 3.0.2, or 4.0.1 or later, where the issue has been patched. No known workarounds exist.
