CVE-2025-62362
BaseFortify

Publication date: 2025-10-13

Last updated on: 2025-10-14

Assigner: GitHub, Inc.

Description
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist.
Meta Information
Published: 2025-10-13
Last Modified: 2025-10-14
Generated: 2026-05-07
AI Q&A: 2025-10-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gpp-burgerportaal gpp-burgerportaal 2.0.2
gpp-burgerportaal gpp-burgerportaal 3.0.1
gpp-burgerportaal gpp-burgerportaal 4.0.0
gpp-burgerportaal gpp-burgerportaal 3.0.0
CWE ID Description
CWE-359 The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in gpp-burgerportaal, a Dutch government citizen portal application, causes the name and email address of employees who publish content to be exposed in network responses. This information can be seen by anyone viewing the browser's developer tools network tab, leading to unintended disclosure of employee personal information. The issue affects versions before 2.0.3, 3.0.2, and 4.0.1 and has been fixed in those versions.


How can this vulnerability impact me?

The vulnerability can impact you by exposing employee names and email addresses to unauthorized parties. This exposure may lead to privacy violations, targeted attacks such as phishing or social engineering, and unwanted contact or harassment of employees.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability may violate employee privacy expectations and could potentially lead to non-compliance with privacy regulations such as GDPR, which require protection of personal data. Exposing employee names and email addresses without consent could be considered a data breach under such regulations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting network responses in the browser's developer tools network tab to see if employee names and email addresses are exposed. There are no specific commands provided to detect this vulnerability on the network or system.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade gpp-burgerportaal to version 2.0.3, 3.0.2, or 4.0.1 or later, where the issue has been patched. No known workarounds exist.

