CVE-2025-13596
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-24
Assigner: ATIS
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atisoluciones | ciges_application | 2.15.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a sensitive information disclosure issue in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When unexpected conditions cause unhandled exceptions, the application returns detailed error messages and stack traces to the client. These messages may reveal internal filesystem paths, SQL queries, database connection details, or environment configuration data to remote unauthenticated attackers. While it allows attackers to gather information and perform reconnaissance, it does not allow direct system compromise.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive internal information such as filesystem paths, SQL queries, database connection details, and environment configuration data to remote unauthenticated attackers. This information disclosure can aid attackers in gathering intelligence about the system, potentially facilitating further attacks or exploitation, although it does not directly allow system compromise.