Can you explain this vulnerability to me?

CVE-2025-41358 is a Direct Object Reference (IDOR) vulnerability in CronosWeb by i2A, affecting versions prior to 25.00.00.12. It allows an authenticated attacker to access other users' documents by manipulating the 'documentCode' parameter in a specific endpoint. This means that by changing this parameter, an attacker can view documents they should not have access to. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can impact you by allowing an authenticated attacker to access sensitive documents belonging to other users without authorization. This could lead to unauthorized disclosure of personal or confidential information managed within the CronosWeb platform. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring requests to the endpoint '/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas' and checking for manipulation of the 'documentCode' parameter. You can use network traffic analysis tools like curl or wget to send authenticated requests with different 'documentCode' values to see if unauthorized documents are accessible. For example, using curl: curl -X GET 'https://<your-cronosweb-domain>/CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas?documentCode=<value>' -H 'Cookie: <authenticated-session-cookie>' and observe if documents of other users are returned. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade CronosWeb to version 25.01 or later, where this vulnerability has been fixed. Additionally, restrict access to the affected endpoint to only authorized users and monitor for suspicious activity involving the 'documentCode' parameter. [1]

Useful 0 Not Useful 0