CVE-2025-2202

Summary

Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email.

Affected Software

VendorProductVersion RangeStatus
Innovación y Cualificaciónajax.php pluginall versionsaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References