CVE-2025-41351
Padding Oracle Vulnerability in Funambol v30.0.0.20 Cloud Server

Publication date: 2026-01-28

Last updated on: 2026-01-28

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate 'self-signed' access URLs.
Meta Information
Published: 2026-01-28
Last Modified: 2026-01-28
Generated: 2026-05-07
AI Q&A: 2026-01-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
funambol funambol 30.0.0.20
CWE ID Description
CWE-649 The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Padding Oracle Attack on the Funambol v30.0.0.20 cloud server. It exploits the thumbnail display URL, allowing an attacker to decrypt and encrypt parameters used by the application to generate 'self-signed' access URLs.


How can this vulnerability impact me?

An attacker could use this vulnerability to decrypt and encrypt parameters, potentially gaining unauthorized access to resources by manipulating 'self-signed' access URLs, which could lead to data exposure or unauthorized actions within the Funambol cloud server environment.

