CVE-2025-41351
Unknown Unknown - Not Provided

Padding Oracle Vulnerability in Funambol v30.0.0.20 Cloud Server

Vulnerability report for CVE-2025-41351, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-28

Last updated on: 2026-01-28

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate β€˜self-signed’ access URLs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-28
Last Modified
2026-01-28
Generated
2026-07-06
AI Q&A
2026-01-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
funambol funambol 30.0.0.20

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-649 The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Padding Oracle Attack on the Funambol v30.0.0.20 cloud server. It exploits the thumbnail display URL, allowing an attacker to decrypt and encrypt parameters used by the application to generate 'self-signed' access URLs.

Impact Analysis

An attacker could use this vulnerability to decrypt and encrypt parameters, potentially gaining unauthorized access to resources by manipulating 'self-signed' access URLs, which could lead to data exposure or unauthorized actions within the Funambol cloud server environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41351. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart